The Cyber insurance protects companies from the consequences of a hacker attack, but also offers protection for damage directly caused by an impairment of the IT system, be it first party loss or liability to third parties. For example, it covers the company’s financial loss in case a cyber attack causes a company’s business operations to a complete or partial standstill.
However, it is often more than pure indemnity insurance: A Cyber policy offers important services to limit the effects of an attack and because the informational or personal rights of third parties can also be affected. This is especially important for companies that cannot afford a permanent service department to react quickly and effectively in the case of emergency.
Legislators have long recognized the potential dangers of rapidly advancing digitalization and have regularly responded to technical progress and the changes in the economy with regulations and laws as data volumes have increased in all branches of industry and services. By the end of May 2018, the GDPR (Basic Data Protection Regulation), whose primary objective is to protect the personal data of EU citizens, will enter into force at EU level, but also establish a regulatory framework for companies whose main business is data traffic. Examples include Google, Facebook and Amazon, which have their headquarters in the USA. Up to 4 percent of annual sales or up to 20 million euros in fines pose an existential threat to companies in the event of serious violations.
Switzerland is expected to fully comply with the EU GDPR very soon and will replace the Data Protection Act (Datenschutzgesetz DSG), which dates from 1992 in its original version and was last amended in 2014, in the form of a complete revision.
The range of cyber insurance products is the most uneven within Financial Lines. The products offered range from service, liability and first party insurance, their scope extends from pure cost insurance to loss of profits in business interruption covers and to the assumption of fines and penalties. The insurers do not yet offer a uniform standard at the cyber product level and are strategically very differently positioned. The product cycle here is very short. It is widely expected that Cyber insurance will be part of a company’s standard portfolio in 5 to 10 years at the latest.