Computers, servers, mobile devices, electronic systems, networks and the handling of personal data are now part of everyday life. But this data must be protected and defended against malicious attacks by third parties (hacker attack). Cyber attacks are now among the most expensive forms of damage and can have fatal effects on regular business operations.
Sent a confidential email to the wrong address? This can happen in everyday work life.
Thousands of customer profiles hijacked by clever data thieves? Happens more often.
It doesn't matter whether this is due to carelessness or criminal energy: if something goes wrong while working on the Internet, the financial consequences quickly take on considerable proportions.
Your protection against cyber attacks
A secure network secures sensitive data and processes.
If protection is breached by employee error or a cyber attack, cyber insurance offers you contemporary protection. This also applies in the event that IT systems have been infected with malware.
Your own costs arising from cyber damage, e.g. e.g.:
Claims for damages from third parties that may result from a hacker attack, loss of data or a violation of data rights are accepted. In addition we offer:
46% of all cyber damage is caused by your own employees. Therefore, together with its cooperation partner Perseus, HDI offers prevention training for your employees to make them fit for the topics of cyber security and data protection. Easy to understand.
In addition, Perseus also offers ongoing and sustainable training for your employees. These include, among other things
Cybersecurity has become indispensable for all digitally working companies. You can find the most frequently asked questions here!
This applies if the companies already exist when the insurance begins
Co-insured persons are:
If a company becomes a subsidiary through incorporation or acquisition during the term of the contract, it is automatically considered to be co-insured from the date of incorporation or acquisition.
Notwithstanding this, coordination with the insurer is required if:
Not included in the insurance cover are insurance claims of newly added companies (new subsidiaries):
Cyber blackmail occurs when the insured is credibly threatened with an information security breach and offered to stop it by paying a ransom or blackmail.
An operating error is the improper operation of the policyholder's computer system through negligent, including grossly negligent, action or omission by an insured natural person, provided that data is changed, damaged, destroyed, deleted, encrypted,
A network security breach is:
This also applies to data that is stored outside of the insured person's IT systems, insofar as the insured person has direct access to this data.
The insurance also covers work-related data on the systems of the co-insured persons (e.g. bring your own device).
Compensation for costs, services and personal damage
Two weeks after notification of the damage, the policyholder can claim the amount as an advance payment, which is the minimum to be paid according to the situation.
The insurer can defer payment until then
The insurer must notify the policyholder within two weeks of the date on which the of the third party with binding effect for the insurer has been determined by a final judgement, acknowledgment or settlement from the claim of the third party. If the third party has been satisfied by the policyholder with binding effect on the insurer, the insurer must pay compensation to the policyholder within two weeks after the third party has been satisfied.
The policyholder must fulfill the following obligations upon and after the occurrence of the insured event:
If possible, he must ensure that the damage is averted and reduced. In doing so, the policyholder must follow the insurer's instructions, insofar as this is reasonable for him, and obtain instructions if the circumstances permit.
If several insurers involved in the insurance contract issue different instructions, the policyholder must act according to his best judgment.
The policyholder has:
If a public prosecutor's office, official or judicial procedure is initiated against him, a court order is issued or a dispute is announced to him by a court, he must report this immediately.
Obligation to provide information
The policyholder has:
The policyholder must leave the damage pattern unchanged until the insurer permits a change.
If changes are unavoidable, the damage must be documented in a comprehensible way.
The policyholder has:
The policyholder must lodge an objection or other necessary legal remedies against a court order or an order from administrative authorities for damages within the time limit.
An instruction from the insurer is not required.
In the event of cyber extortion, the policyholder must immediately report the threat and authorize the insurer and service providers to pass on all related information to the investigating authorities.
Yes, if the policyholder intentionally or through gross negligence violates an obligation that he has to fulfill towards the insurer before the insured event occurs, the insurer can terminate the contract without notice within one month of becoming aware of the violation.
However, the insurer has no right of termination if the policyholder proves that he has breached the obligation neither intentionally nor through gross negligence.
The insurance company can only refuse to settle a claim if:
Important: The insurer remains obliged to pay if the policyholder proves that he did not violate the obligation through gross negligence. This also applies if the policyholder proves that the breach of the obligation was not responsible for the occurrence or the determination of the insured event was still the cause of the determination or the scope of the insurer's obligation to provide benefits. This does not apply if the policyholder has fraudulently violated the obligation.
The insurance contract can be terminated by either party after the insured event has occurred if:
The termination must be received by the contractual partner in text form (e.g. email, fax or letter) no later than one month after the conditions for termination have been met.
However, if the insurer instructs the policyholder to allow a legal dispute to arise, the period only begins when the liability judgment becomes final.
Will HDI Versicherung AG change the underlying cyber insurance Insurance conditions exclusively for the benefit of the policyholder and without additional premium, the contents of the new conditions also apply to this contract with immediate effect.
Newly added additional modules associated with an additional premium, which must be applied for separately, do not automatically become part of the insurance contract through this clause.
The following are excluded from insurance cover regardless of contributing causes:
Insurance claims or damage due to war. War means: war, invasion, civil war, insurrection, revolution, riot, military or any other form of seizure of power.
Insured events or damage based on acts of hostility, riot, civil commotion, general strike, illegal strike.
Insurance claims or damage caused by acts of terrorism. Acts of terrorism are any actions aimed at achieving political, religious, ethnic or ideological goals that are likely to spread fear or terror in the population or parts of the population in order to influence a government or state institutions.
Claims or damages arising out of or in connection with any form of purchase or sale of securities, commodities, derivatives, foreign exchange, bonds and comparable assets.
Insured events or damage from the outflow of assets of the insured arising in connection with an information security breach, unless expressly insured.
Insurance events that were caused by the insured or their representatives intentionally or by knowingly deviating from the law, regulation, decision, power of attorney or instruction or by other knowing breaches of duty.
Fines, fines and other public penalties as well as punitive and exemplary damages imposed on the policyholder, unless otherwise agreed.
Claims or Damages arising out of or in connection with
unless otherwise agreed.
Insurance claims or damage caused by nuclear energy, nuclear radiation or radioactive substances.
Insurance claims or damage due to the violation of a regulation to protect against discrimination, in particular from the General Equal Treatment Act.
Insurance claims or damage due to contractual penalties, unless expressly insured.
Insurance claims or damage in connection with an official intervention, including resolution seizure, nationalization, destruction or other action by any government agency or other government entity.
Insurance claims and/or damage due to infrastructure failure or disruption. All private or public facilities (including local authorities, communities, districts, etc.) that supply energy or connect to communication facilities are considered infrastructure serve all kinds.
These include in particular:
However, insurance cover exists for interruptions or disruptions in the IT systems of the insured that occur solely within the control of the insured.
Insurance claims or damage resulting from the fact that insured persons illegally record personal data with the knowledge or as a result of a negligent lack of knowledge of a representative.
Insurance claims or damage as a result of the organization or hosting of competitions, lotteries or other games of chance.
With professional malware, it is easy for attackers to get hold of confidential data, disrupt processes or even sabotage business success. The following three most common real-world cyber attacks will show you how you handle it.
Malware often damages your computer, for example by opening an unknown e-mail attachment
In a ransomware attack, a third party tries to lock your computer or encrypt your data with malware in order to extort money for unlocking or decrypting.
An attacker tries to overload a specific application, such as the company's website. The attack can occur in the form of a disruption or completely paralyze the attacked application in order to disrupt your business operations and possibly blackmail you.
Basically: Create regular data backups and store them in physically separate locations from your normal systems. This allows you to restore your data in an emergency.