Cyber attacks can hit anyone. They are usually untargeted or widespread attacks by criminal hackers.
For example, they send fake emails that look like they come from Amazon, Telekom or DHL. If you open the links they contain, you unknowingly install malware, a virus, in the background.
One form of such malware is so-called ransomware. Hackers use it to block computer programs, data or folders directly. Their goal is to demand a ransom from the victim in exchange for unblocking them; otherwise the data will be deleted or even released on the Internet. Affected companies therefore suffer interruptions to business operations, lose sales or face fines and reputational damage. For example, sensitive customer data such as payment information, patient files or media such as photos and videos can be made publicly accessible. The insidious part: such ransomware is programmed to defeat virus protection and even to attack backups (if any are made).
In order to mitigate the financial consequences of an attack, there are so-called cyber insurance policies, which essentially include the following services:
- They compensate for lost sales from a business interruption, e.g. when production is "paralyzed" or the website is "down"
- They cover the notification and legal advice costs of a possible data protection breach: depending on the type of attack, customers, patients, etc. must be informed immediately, and GDPR fines must be fended off
- They pay for possible damage arising from the violation of the personal rights of third parties or from unknowingly passing on the virus or malware, and they cover the defense against unjustified claims for damages
- Some insurers even pay the ransom if this is the last resort
Cyber insurance is ideally part of a holistic cyber security concept, which also includes the following components and is offered by IT security companies.
Cyber security starts with installing anti-virus software, setting up a firewall and, for example, using two-factor authentication for servers, encrypting the storage media of mobile devices and physically protecting hardware against theft. In addition, hardware and software must always be kept up to date.
A (regular) vulnerability analysis reveals security gaps in the system before possible attackers discover them. A sustainable security strategy is developed on this basis – IT experts are on hand to provide advice.
Checking legal requirements such as compliance with the GDPR is also essential and is often supported by certified data protection officers in order to determine targeted measures.
Training for employees is another preventive measure against cyber attacks. Employees are trained, for example, in password and email security, security measures when working from home and how to deal with social media risks.
Emergency help is available 24/7, 365 days a year. IT forensics experts analyze the extent of the cyber attack immediately. They initiate immediate measures to minimize the damage and to avoid consequential damage. The experts then ensure that the systems and data, and thus the "normal state", can be restored. Cyber security providers also support, for example, employees, customers and business partners in order to prevent or minimize reputational damage and to cope with the attack crisis.
Ongoing risk management
In order to protect yourself against possible attackers and to always be one step ahead of them, all cyber security measures taken must be checked regularly and adjusted as necessary.
Depending on the insurance provider, (some of the) modules are already part of the insurance. Cyber security providers often also cooperate with cyber insurance providers in order to be able to offer customers a holistic concept.