- In view of rising cyber criminality, IT security is not enough: a holistic risk management approach is the order of the day
- New Allianz Cyber Protect policy offers comprehensive protection against online threats
- Critical dependency on digital networks supports growth of cyber insurance for businesses
PRESS RELEASE - Munich, July 10, 2013
If cyber criminals steal data, introduce malware into networks or cause servers to shut down because of denial of service attacks, businesses risk damage running into the millions, as well as reputational damage. The new Allianz Global Corporate & Specialty (AGCS) Allianz Cyber Protect insurance solution will enable businesses to protect themselves comprehensively against online risks in future. It covers a variety of first and third-party damage sustained by businesses if they themselves become victims of cyber crime or if their customers hold them liable.
"Combining P&C, liability and pure financial loss insurance components, our new cyber insurance policy offers comprehensive protection against growing internet threats. Our aim was to develop a transparent insurance product that is easy to take out and to adapt to the needs of a specific company," explains Hartmut Mai, member of the AGCS Board of Management and Chief Underwriting Officer Corporate Lines.
Cyber crime is on the rise, with not only private individuals, but also companies being targeted. In 2012, 60,000 cyber crimes were registered in Germany alone (German Criminal Police Office); however, experts estimate that only one in 1,000 cases of cyber crime even gets reported. The Bavarian Business Association estimates damage to the German economy caused by cyber crime to amount to EUR 50bn per year.
Simultaneously, data protection is being strengthened further by means of provisions such as the amendment to the 2009 German Federal Data Protection Act or the planned EU-wide reporting obligation as regards cyber attacks. This means that businesses have to comply with ever more data protection provisions to avoid fines or liability cases.
In view of the increasing risks, AGCS is convinced that cyber insurance will become commonplace in major German companies over the coming years as well. In the US, these policies are already a major component of companies' insurance portfolios, generating premium income of approx. 1.3bn US dollars (EUR 990 mn) (Betterley Report 2013). "Germany and Europe clearly have some catching up to do. We are certain that cyber insurance will become an independent product type within industrial insurance here, too. We want to actively occupy and shape this new market segment," says Mai. According to AGCS calculations, the cyber insurance market in Europe could generate premium income of EUR 700-900 million by 2018.
Three possible cover options up to €50 million
On the one hand, Allianz Cyber Protect provides cover for own damage sustained by an insured company if it falls victim to cyber crime. For instance such damage includes expenses incurred for informing customers, for forensic investigations performed by the IT department, for the restoration of damaged or destroyed data or for loss of income resulting from interruptions of operation. Another component includes covering the costs of crisis communication for the purpose of safeguarding the company's reputation. On the other hand the policy covers liability claims made by customers of the insured company who sustained losses as a result of cyber attacks, denial of service attacks, data protection violations or faulty digital communication. With a basic limit of indemnity of up to EUR 10 mn, Allianz Cyber Protect thus offers wide-ranging protection against all major cyber risks, but only requires a streamlined risk assessment prior to signing the policy.
In addition to this standard cover, there are two enhanced options for Allianz Cyber Protect, 'Premium' and 'Premium plus.' "Our customers can opt for the standard of cyber protection that corresponds to their risk profile. Depending on both the business model and IT applications, the risk of attack can be higher or lower," explains Joachim Albers who co-ordinated the cross-line development of this new product. The premium option comprises tailor-made solutions including a limit of indemnity of up to EUR 50 mn and an extended scope of cover, which also includes process weaknesses caused by a company itself or employee errors triggering IT outages or data mishaps. Premium models involve a detailed advance assessment of the company's IT processes by specialized AGCS risk engineers.
Assessing the IT maturity of companies
"In this way we gain an insight into the quality of the company's IT systems and risk culture, supporting our customers in improving their risk management. What is important is that prevention and continuous improvement of a company's own weaknesses take priority", explains AGCS risk engineer José Fidalgo. The costs of making data exchange as secure as possible are always lower than the damage caused by data theft, data loss or a negative image.
In the medium term, Allianz Cyber Protect will replace the Global Net & ESI Net IT policy which AGCS had ben offering to selected major customers, exclusively in Germany, since 2004. "We have acquired quite a customer base and gathered valuable experience," explains Mai. "With Allianz Cyber Protect we have now developed a product that can be offered globally. The policy, which will first be introduced in Germany, will also be offered in Austria, Switzerland, the UK, France, Spain, Australia and New Zealand this year. Over the next year AGCS intends to launch this cyber insurance in selected Asian markets."