Dual cover for your risk
IT security takes high priority these days in every company. But there’s no one-size-fits-all solution because each industry has its own particular risks. Companies should find ways, based on their individual risk situation, to combine two forms of cover in a sensible way: cyber insurance and fidelity insurance.
The rapid development of information and communication technology is leading to global connectivity. At the same time, the legal requirements for companies are rising, such as those set out in the General Data Protection Regulation. Demands on corporate executives are increasing: they have to identify security vulnerabilities throughout the company, come up with technical and organisational measures to combat these together with the IT department and establish emergency contingency plans. But the requirements vastly differ, and each industry is confronted with its own individual risks.
The term ‘cyber’ can easily cause confusion because it suggests that it only deals with ‘cyber crime’. The current threat situation, however, goes far beyond that. The increasing complexity of IT systems generally leads to increased vulnerability. This is true not only in terms of sabotage by third parties, but also technical problems or user errors by employees. Add to this international corporate structures that make the implementation of internal control and information security management systems difficult. All of this results in increased vulnerability. ‘The ubiquity of information about people and companies makes it easy for criminals to prepare targeted attacks. They identify people as the weakest link in the (IT) security chain and exploit them accordingly,’ says Alexandra Köttgen, an expert in fidelity insurance at Funk. Criminals use this method online and offline.
In designing the insurance models, it is important to take into account both the industry-specific aspects and the company’s individual situation. ‘We’re using the existing insurance scheme as a basis and investigate how sensible and feasible it is to extend cover to include risk-specific concepts. Cyber and fidelity insurance are the focus here,’ says Michael Winte, Head of the Cyber, Technology & Crime team at Funk. Due to the broad range of existing risks and the combinations of claims that come with them, both cover schemes are being expanded. ‘There are hardly any overlaps because triggers for claims are so different,’ says Winte.
It depends on the damage
To cover all of these differences, Funk has developed independent, modular models that can be optimally combined. Risks from the area of commercial criminality, such as the ‘fake president’ scam, are not usually directly connected to an information security breach. In cases like these, Funk CrimeSecure fidelity insurance comes into play. The trigger for a claim is always what determines which model is employed – this allows for a clear separation of the cover schemes. Cyber insurance is employed in addition in the event of an information security breach. Alongside CyberSecure for industrial companies, Funk has developed additional special cover here for special industry needs, such as Funk CyberProfessional for contractors or a special model for lawyers and accountants.
Cyber insurance
Subject of cover
Damages caused by an information security breach triggered by specific events are insured.
Elements of cover
- Third-party claims
- First-party losses in the form of comprehensive cost components (including IT forensics, data restoration, crisis management and legal consultancy, information costs)
- Business interruption
- Ransom payments
Fidelity insurance
Subject of cover
Financial losses of the insured company arising from the unauthorised, deliberate actions of a trusted individual and arising from third parties within a defined scope are covered.
Elements of cover
- Financial losses by trusted individuals
- Financial losses by third parties (e.g. scams (‘fake president’), robbery or theft)
- Cost items (including costs of determining damage, legal prosecution, PR)