Cyber Risk insurance was introduced to help businesses not only deal with the financial aftermath of the potentially devastating effects of cybercrime, but also to prevent such incidents in the first place, by giving companies additional access to external IT service providers.
Common threats such as ransomware, Distributed Denial-of-Service (DDoS) and malware are just a few of the dozens of methods criminals use today to break into a network. Whoever starts such an attack has one primary objective: to gain access to sensitive information, which is the most valuable resource in today's world.
As technology advances, the number of electronic devices and applications within a company grows, and with it the exposure to cyber-attacks. Although these risks are not new to any industry, recent attacks on large corporations have shown that too many companies still underestimate the consequences because they prepare carelessly. And when an attack happens, most rather than few lack the resources to combat it or to recover their losses.
What Cyber-Risk insurance covers
Most Cyber-Risk insurance plans cover a broad range of losses that may unexpectedly arise from cyber-attacks. In addition, some providers reimburse expenses caused by physical damage to hardware or cover loss of income. Depending on the company's current security posture, plans can even be tailored to its actual requirements, so no money is wasted on coverage where no real need exists.
Benefits
Standard
- Insured sums up to 10 million Euros and beyond
- Excesses per claim between zero and 5,000 €
- Backwards coverage possible
- Bring Your Own Device (BYOD) covered
  - Private devices also used for commercial purposes are insured
  - Misuse is covered
- Worldwide coverage based on German or European legislation
- Preventive measures, such as
  - Online staff training
  - Preparation of an exclusive crisis plan
Above Standard
- Business interruption, in the event of ...
  - Cloud-service failure
  - System failure
  - Technical problems (e.g. loss of electricity, corrupted system update)
- Cyber Espionage
  - Expenses related to the investigation of suspected espionage
  - Legal assistance in cases of espionage
- Directors and Officers (D&O) Protection
- E-Payment
  - Compensation for contractual penalties due to breach of PCI standards
- Loss of trust, including former employees, such as:
  - Asset drain due to cyber theft
  - Data abuse / data erasure
  - Fraudulent scams, such as "Fake President" or "CEO Fraud"
Insured Risks
Own Damages
Costs will be compensated for own damage related to:
- Business interruption / loss of earnings after a cyber attack
  - Variable waiting periods available, e.g. 6 hours or 2 days
- Damage to the IT system's hardware
- Fines related to data protection violations in foreign countries (where legally possible)
- Restoring data and software
- Telephone expenses in the event of a digital telephone system being misused
Liability
Liability claims are examined and, if unjustified, warded off; the costs of such defensive action by the insurer are not counted against the insured sum.
In addition, the accused will be exempted from compensation claims linked to ...
- illegal digital communications
- contractual commitments
- delayed services
Furthermore, Criminal Legal Protection is included in conjunction with administrative-offence or criminal proceedings.
Services & Associated Costs
- Forensic investigations to determine a cyber attack, and ...
  - ... in order to determine the causes
  - ... to ascertain the damage
- Damage assessment and advice
- Security analysis and improvement
- Notification costs related to:
  - Involved / affected parties
  - Data Protection Authorities in the event of a data protection breach
  - Call centre expenses
- Costs for:
  - Public Relations and involved consultations
  - Credit card or other bank account monitoring in the event relevant data is exposed
  - Applying preventive measures before the occurrence of an insured event
  - Business interruption / loss of earnings after a cyber attack
Claims Support
- 24/7/365 Assistance Hotline
- Prompt determination of the cause
- Arrangement of an emergency IT service provider or auditor in the event of a cyber attack
- Defence implementation against an imminent cyber attack
- On-site repair
- Crisis Management Consulting
  - includes consultations on how to proceed with Public Relations
- Reimbursement of expenses of the following kinds:
  - Own financial loss
  - Third-party financial loss
  - Commissioned external IT service provider
Is cyber-security defence replaceable by Cyber-Risk insurance?
No. Cyber risk insurance can be a great way to mitigate the damage caused by a breach, but it should complement cybersecurity technology as part of an overall cyber risk management plan.
Cyber risk insurers analyze the strength of a company’s cybersecurity posture before issuing any policy. Strong security postures allow for better coverage and, in some cases, access to enhancement coverages. Fragmented enterprise security approaches can make it difficult for insurers to fully understand an organization’s security posture. This can result in inadequate or poorly targeted insurance purchases by insured companies.
If your business has not invested in the appropriate cybersecurity solutions, then you may not qualify for insurance or it could be limited and expensive.
With Cyber Risk insurance in place, the risks of both an attack and the resulting financial loss are minimised significantly.
Cyber Lexicon
Access
The use of information or data.
Permissions regulate which persons or IT applications are allowed to access information/ data, or execute transactions.
Adblocker
An application designed to prevent advertising from being displayed on web pages. Adblockers recognise a large part of the advertisements on the Internet and hide them. Some adblockers can, however, contain spyware.
Advanced Persistent Threat (APT)
APTs are cyber-attacks aimed at selected institutions and facilities, in which the attacker gains permanent access to a network and subsequently extends that access to other systems. This requires a large investment of resources and considerable technical skill on the attacker's part.
Botnets
A botnet is a network of computers (systems) that have been infected by a remote-controlled malicious program (bot). The affected systems are monitored and controlled by the botnet operator using Command-and-Control servers (C&C servers).
Cache Poisoning
Cache poisoning is the smuggling of manipulated data into a cache, from which it is then read by other applications or services.
The attacker can thereby change the routes of data packets or divert specific requests, for example for a bank's web page, to a fake site.
Cross-Site-Request-Forgery (CSRF)
"Cross-Site Request Forgery" is a further form of attack against users of web applications. With this approach the attacker is able to use functions of a web application on behalf of, and in the name of, the victim. An example is the sending of fake status messages on social network platforms: the attacker formulates the message and slips it to the victim when he or she visits a website. If the attack succeeds and the victim is logged on to the relevant social network at the same time, the message is published in the victim's name.
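As an added example (not part of the original lexicon), the following shows how a web application rejects the forged status post described above: a per-session token that a foreign page cannot read, plus an Origin header check. The site origin, session and request model are assumed for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Assumed origin of the protected social-network application.
SITE_ORIGIN = "https://social.example"


@dataclass
class Session:
    """A logged-in user's session; the CSRF token is minted per session."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """Constructed stand-in for an HTTP request (no web framework needed)."""
    method: str
    origin: Optional[str]   # Origin header as the browser would send it
    form: dict              # submitted form fields


def is_safe_method(method: str) -> bool:
    """GET/HEAD/OPTIONS must never change state, so they need no token."""
    return method.upper() in {"GET", "HEAD", "OPTIONS"}


def csrf_check(session: Session, req: Request) -> bool:
    """True only if a state-changing request provably came from our own pages."""
    if is_safe_method(req.method):
        return True
    # Browsers attach an Origin header to cross-site POSTs: reject foreign ones.
    if req.origin is not None and req.origin != SITE_ORIGIN:
        return False
    # Synchronizer token: an attacker's page cannot read the victim's token,
    # so a forged form cannot carry it. Compare in constant time.
    submitted = req.form.get("csrf_token", "")
    return hmac.compare_digest(submitted, session.csrf_token)


def post_status(session: Session, req: Request) -> str:
    """The 'publish a status message' action, guarded by the CSRF check."""
    if not csrf_check(session, req):
        return "rejected"
    return f"{session.user}: {req.form['message']}"
```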
Chosen-Plaintext-Attack
A cryptographic attack in which the attacker can obtain the ciphertexts for plaintexts of his choice.
Cyberspace
Cyberspace is the virtual space of all data-level networked or net-workable Information Technology systems worldwide. It is based on the internet as a publicly accessible connecting network, which can be extended by an arbitrary number of data networks.
Data backup
With a professional data backup, exact copies of existing data are created to protect it against loss.
Data backup comprises all technical and organisational measures to ensure the availability, integrity and consistency of the systems and of the data, programs and procedures stored on them for processing.
DoS & DDoS attacks
An artificially induced overload of a web server or data network, often orchestrated by cyber criminals. As opposed to a simple Denial of Service attack, Distributed Denial of Service attacks ("DDoS") have far greater force: multiple computers, so-called "botnets", attack a website or an entire network infrastructure simultaneously and in combination. This can very quickly lead to server failure.
Decryption
A process in which electronic data is made readable or processable again, using mathematical algorithms and private/ secret keys.
In encrypted form, the data cannot be read by an unauthorised third party and can only be restored to its original form by the owner of the associated private or secret key.
Fake President
HTTP
The Hypertext Transfer Protocol "HTTP" is not encrypted!
This means that data transmitted with this protocol can easily be read and manipulated by third parties. It is therefore strongly advisable not to enter sensitive personal information on an unencrypted website. Consequently, if sensitive information needs to be transmitted over the Internet, an encrypted connection (e.g. HTTPS) is indispensable.
HTTPS
Hypertext Transfer Protocol Secure (HTTPS) is a protocol for the secure transmission of data over the Internet.
It is used, for example, for communication between web browser and web server. If a website is classified as secure, "https://" is displayed at the very beginning of the address bar in the web browser. The connection is then secured via a purchased SSL/TLS certificate.
Spoofing
In information technology, "spoofing" denotes various attempts at deception that conceal the attacker's own identity and falsify transmitted data. The aim is to undermine the integrity and authenticity of information processing.
Secret Keys
Secret keys are used in symmetric cryptographic algorithms. In contrast to the private keys used in asymmetric algorithms, the entire key is known to all communication peers.
Spyware
"Spyware" is the term for programs that secretly, i.e. without the user's knowledge, collect information about the user or the use of a computer and forward it to the author of the spyware. Spyware is often considered a mere nuisance, but it should not be overlooked that spyware can also be used to obtain security-relevant information such as passwords.
Trojan Horse
A "Trojan Horse", or "Trojan" in computer jargon, is a program with a hidden and undocumented function or purpose. The "Trojan Horse" does not spread by itself, but instead relies on the usefulness of a host program, the very software the user is actually interested in installing. As soon as this so-called "malware" has been installed, cyber thieves and hackers gain access to the user's system.
Virus
Classical form of malware that spreads itself and can carry different levels of malicious potential (from no malicious function up to deleting data on a hard disk). "Viruses" occur in combination with a host, e.g. an infected document or program.
Zero-Day-Exploit
The exploitation of a vulnerability known only to its discoverer is characterised by the term "zero-day exploit". The public and the manufacturer of the affected product usually only become aware of the vulnerability when attacks based on it are discovered. The manufacturer therefore has no time to protect users from the first attacks.