Germany: Cyber risk insurance market
The threat from cyber risks – especially loss of data or hacker attacks – is increasing rapidly in Germany too. Experts assume that more than half of all companies have fallen victims to hacker attacks. For nearly two years, cyber insurance has also been offered on the German market. This insurance covers claims arising from loss of data or hacker attacks to an extent as stipulated in the insurance contract and usually also makes available the necessary service providers such as IT forensics, PR and law consultants to ensure an appropriate response in case of an emergency.
Until one year ago, only three or four insurers sold coverage for cyber risks in Germany. At the end of 2013, nearly a dozen insurers offered this kind of insurance. In addition, more and more German insurers are marketing products of their own. Meanwhile, by means of coinsurance as well as supplementary and additional coverage, limits in the three-digit million range are available to clients. The insurance conditions offered by the various insurers still differ widely. There is, however, a trend towards harmonisation and a clearly distinguishable readiness of insurers to negotiate on the conditions. Whereas at the beginning, premiums and indemnities differed widely, a gradual alignment between insurers of cyber risks is taking place.
In comparison with the previous year, it is possible to detect an increased level of interest in cyber insurance among companies. Risk-consciousness has definitely risen. Spectacular hacker attacks on companies of all sectors and sizes certainly contributed to this development.
Companies’ interest in cyber insurance will continue to grow. According to recent public opinion surveys, threats from cyber crimes and negligent loss of data are causes of great concern for many companies and will continue to haunt those responsible for risk management also in 2014. In the long run, cyber insurance may experience a similar development as D&O insurance, whose importance has grown considerably over the years.
The General Data Protection Regulation planned by the EU Commission will be another factor that forces companies to tackle data-protection issues more thoroughly. The Regulation authorises the supervisory authorities to impose severe fines for infringement of data-protection rights, for example. In addition, the Draft Regulation provides for a stricter reporting obligation in the event of infringement of the protection of personal data. Wherever possible, such an infringement should be reported within 24 hours of its discovery. As cyber insurers normally also provide crisis management, they offer a basis for an immediate and appropriate response, which helps to reduce or even avoid the possibility of a fine being imposed.
In 2014, further insurers will enter the market for cyber insurance, intensifying competition. Even though the insurance conditions are being harmonised at present, there will be further changes in the scopes of coverage. Since the extent of technological progress is not yet manageable today and hackers are continually developing new methods, the insurance conditions will have to be adjusted to the changing scenarios at regular intervals.
Even today, it is possible to control vehicles, clinical appliances and whole production systems by remote access. This will constitute a new challenge to companies, brokers and insurers in the future.