Sat, Oct
43 New Articles

Cyber Insurance – A New Must Have in the Digital Age?

Cyber Insurance – A New Must Have in the Digital Age?

  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

Viruses affecting human body have been the hot topic of most conversations for over two years. However, the digital world is not spared from “viruses” which affect other aspects of human lives. Multiple malwares used for cyber-attacks are created to damage, disrupt, hack, or block a device and encrypt or lock data and can cause enormous damage both in the private and public sector.

Such attacks target operational technology (OT) or information technology (IT). One of the most famous malwares aimed at operational technology was unquestionably the infamous Stuxnet, detected in 2010. Its goal was physical impact, which was successfully done, reportedly damaging one-fifth of the nuclear centrifuges in the Iranian Bushehr nuclear power plant.

A recent IT attack that gained global attention was definitely the pro-Russian motivated attempt to disrupt voting for the Eurovision Song Contest, as reported by the Italian police.

Unlike physical destruction, malwares aimed at IT target business financial data, customer databases (including personally identifiable information), customer financial data, intellectual property (like trade secrets or product designs), IT infrastructure access, etc.

Hackers are very imaginative in the creation of ever new sophisticated malwares and diverse methods of extortion; one such being so called double extortion. With this method, the initial encryption of data is followed by form of extortion and attempts to delete backups making it more difficult for businesses to recover data.

Another aspect in data safety to be considered is remote work. Even before the lock-down, an increasing number of people had realized they could work from home or from different parts of the world. As convenient as this might be for personal life and doing business while traveling, the danger of data loss has consequently increased. People can lose devices or data could be stolen due to unsecure network. However, it is not just remote work that poses an increased risk. The risk of cyber-attack is everywhere where devices containing information are used, with the risk being even higher when the information is especially interesting to the cyber-attacker. 

As damaging as cyber-attacks can be to businesses, losses from such events are often excluded from a general liability policy. However, the insurance market is increasingly recognizing the necessity to insure events caused by cyber-attacks. Multiple losses arising from such events can cause immense damage to a company as well as to third parties, especially when data is involved. Cyber insurance policies often provide following coverage options: business interruption, notifying customers about a data breach, IT forensics, cyber extortion, litigation expenses, regulatory defense expenses/fines, reputation losses, restoring personal identities of affected customers, and recovering compromised data.

It is also important to examine territorial scope of the cyber insurance policies –  not only because employees holding important information can be located in different parts of the world, but also because businesses themselves can store data in different places around the globe.

In the EU, the General Data Protection Regulation imposes additional obligations in order to improve data protection systems which contain data on natural persons, including informing competent authority in the event of a breach. Cyber insurance policies differ significantly in the coverage of penalties imposed by the authority in the event of cyber-attack and some demand that authorities initiate a formal procedure for the insurer to pay the damage.

Finally, in the light of the ongoing political situation, it remains to be seen how cyber insurance will be further developed regarding events of cyber-attacks by organizations or other countries and legal interpretation of the exclusion of war risks.

By Janica Rakoci, Associate, Ostermann & Partners

Croatian Knowledge Partner

Čipčić-Bragadin Mesić & Associates is one of the leading law firms in Croatia that serve companies, credit & financial institutions and public entities. We have been recommended and recognized as the legal experts and service leaders by many leading international legal guides for more than 15 consecutive years. With roots dating from 1928. we now probably have more tradition, experience and market presence than almost any other law firm in Croatia. We work closely with the leading international law firms and consultants so we’re able to manage complex, cross-border projects and deals seamlessly and successfully. Around 85% of our clients are international enterprises doing business in Croatia. List of our clients include some of the world-renowned companies such as Amazon Europe Core, China Machinery Engineering Corporation, Tate & Lyle, Nafta a.s., Unilever Croatia, Unilever Hungary, Lenovo, Innoenergy CE, Flixmobility, Flixbus CEE South, Okoenergie Group, CTC Holding, Bunge Limited, Chipita, Rolls-Royce, Canvas Holidays, Vacalianselect, Redgate Software, Red gate Investment, Yahoo!, Aston Martin Lagonda, Domino Printing UK, Domino Printing Sciences, Goldman Sachs, Deutsche Bank, Barclays Bank, HSBC, State Street Bank, Citigroup Global Markets, Credit Suisse, Bank of America Merill Lynch, Standard Chartered, Och-Ziff Capital Management, Amundi Asset Management, Altima International, Red Arc Global Investments, SMBC Nikko Capital Partners, Royal Bank of Scotland, Morgan Stanley International, J.P. Morgan group, Allianz Global Investors, Schroders, Macquarie Bank, Digital Finance International, Winton Capital Management, Citibank, Invesco Asset Management Österreich, Croatian Pension Investment Company, Unicredit Bank AG etc. We enjoy learning about our clients’ businesses and want to understand them completely so we can provide the best possible and complete service.

All News about, and Legal Analysis by, Čipčić-Bragadin Mesić & Associates can be found here.

Firm's website: cipcic-bragadin.com


Our Latest Issue