Privacy aspects of cyber risks: companies learn the hard way
It’s already happening: anyone who took cyber insurance to be a marketing wheeze by the insurance industry is being punished for their misjudgement. Violations of the GDPR are being particularly severely penalised. Company managers are horrified by fines meted out so far.
Up to 20 million euros or 4 percent of annual global turnover: many managers are finding it hard to get over these figures. That’s how expensive it could be if a company violates the GDPR. A hospital in Portugal is having to pay 400,000 euros, London’s Heathrow Airport 135,000 euros, and German chat and gaming platform Knuddels.de 20,000 euros. This crackdown by the authorities is generating increasing demand for cyber insurance this year. Because, if companies can demonstrate that they’ve implemented technical and organisational measures to control their risks, the authorities will take a positive view. The services they purchase when taking out cyber insurance often serve as evidence of these measures.
At the same time, claims figures are rising in this line. This is due to ransomware such as WannaCry and NotPetya. The insurance industry is alarmed: cybercriminals are highly creative and skilled, and their attacks cannot be predicted. The fear of high insurance claims is considerable. That’s why, this year, insurers are closely scrutinising how well established risk provisioning and risk management are among their commercial customers. The high standards in these areas are rarely met. As a result, insurers will make lower insurance amounts available to companies. They will also increasingly remove elements of cyber risk cover that are included in other lines.
For commercial customers, this makes it essential to cover cyber risks under a standalone cyber policy. This requires companies to carry out a professional analysis of their existing risks and to present this analysis to insurers. Insurers also require certain technical standards within the company. If these requirements are not met, insurers will restrict the coverage, decline to make the desired capacity available to companies or, in the worst-case scenario, refuse to cover a company’s risks.