Germany new standard conditions for cyber insurance

News / / Germany new standard conditions for cyber insurance, Hamburg

The German Insurance Association (GDV) releases standard conditions for almost every standard insurance product in the German market The standard conditions are developed in working groups which consist of representatives of the GDV member insurance companies Even though these conditions are not binding, experience has shown that there is a trend that most of the wordings are similar to the GDV standard conditionsAn exception to this trend was the first release of the GDV standard conditions on DO insurance The market did not adapt the first version of these GDV conditions The reason for this was that the conditions stipulated were triggered on a claims-made basis but in addition to that the action or omission which led to the damage had to occur in the insured period as well The market, however, operated on a mere claims-made basis more favourable to insuredsJust a couple of days ago, GDV published its standard conditions on cyber insurance for small to medium sized businesses with a revenue of 50 million Euro or 249 employees Similar to what exists in the market, the GDV standard conditions grant coverage mainly for third-party liability damages and first-party losses arising from IT security breaches However, the GDV standard conditions on cyber insurance could share the same fate as the first version of the GDV standard conditions on DO insurance One reason for that is the definition of the insured eventIn the German market the majority of cyber policies stipulates two different definitions for the insured event one for the third-party liability and respectively another for the first-party loss cover The GDV standard conditions, however, stipulate one insured event for both parts Within the GDV standard conditions the insurance will be deemed to occur when the damage is verifiably identified for the first time In other words thenbspmanifestation of damagenbsppresents the insured event The identification of the damage can be made by anyone, regardless of his or her relationship to the insured (eg experts, third party which suffered a damage or any other third person)Moreover, to limit the insurer's risk, the GDV standard conditions stipulate that cyber-events which have occurred before the policy was concluded may be excluded by limiting retroactive coverageWhereas within the first-party loss module, the GDV standard conditions' definition of the insured event could lead to a harmonisation in the market, it is doubtful insurers will give up on the established claims-made definitions within the third-party loss coverThe definition of the insured event for first-party losses has been quite fragmented in the German market so far These differences may lead to dangerous gaps when changing insurers There are policies under which thenbspoccurrence of damagenbspis the insured event Other policies stipulate thenbspmanifestation of the cyber-eventnbspas the insured event The most restrictive option defines the insured event as thenbspoccurrence of the cyber-eventnbspitself, regardless of whether the occurrence has already been notified or could have been notified by anyone If an insured moves from an insurance concept relying on the manifestation of a cyber-event towards a coverage stipulating the occurrence of the cyber-event as the insured event, coverage gaps might exist This is true if a cyber-event that has occurred unnoticed in the earlier insurance period was only discovered when the new contract is already running In this case, though gapless cover exists, the event itself would remain uncovered If the new GDV standard conditions would set a benchmark, this problem could be overcomeContrary to that, the GDV standard conditions' definition of the insured event for third-party losses is most probably not eligible to be adapted by the marketFirst of all, it is highly doubtful whether the market will shift from the internationally established and largely unified claims-made cover towards a new and still unknown coverage concept New wordings always entail the risks of being misinterpreted by courtsSecondly, the GDV standard conditions have an ambiguous wording in the third-party loss module It remains unclear if apart from the manifestation of damage, the third party claim has to be made during the insurance period as wellTo sum up, GDV standard conditions might have a positive impact on the fragmentation of the definitions of the insured event for first-party losses However, the wording in the third-party liability module will most probably not be adapted by the market

Related sectors:

Related services:

Related news & insights

News / Marine Cyber Risk Insurance

09-05-2018 / Insurance, Cyber Security

Ince Gordon Dadds Partner Simon Cooper has contributed the chapter lsquoMarine Cyber Risk amp Insurancersquo to the recent release lsquoMarine Liabilities in a Global and Regional Contextrsquo

Marine Cyber Risk  Insurance

News / Cyber risks facing ship managers

14-02-2018 / Maritime, Cyber Security

Digitalisation of shipping and the associated cyber risk vulnerabilities are hotly debated and discussed topics in the shipping industry, both at state and corporate levels Whilst the focus appears to be largely on shipowners and the use of autonomous ships, there are also a number of pressing areas of concern that ought to be considered and addressed in the context of ship management

Cyber risks facing ship managers

News / Is the shipping industry prepared for GDPR

15-11-2017 / Maritime, Cyber Security

Shipping companies collect a great deal of personal data, including passenger information, crew and employee details, customer lists and details of business contacts The complex global nature of the industry and high level of personal data processed and exchanged, often across national borders, can leave information vulnerable to security breaches, intentional or otherwise Implementing effective data protection controls into daily operating procedures is a huge challenge However, when the EU General Data Protection Regulation and the UK's Data Protection Act 2018 come into force on 25 May 2018, businesses ignore themnbspat their peril, as non-compliance can result in large fines and reputational damage There are also commercial benefits to effective compliance companies that protect the privacy of their passengers, employees and business associates and conduct properly targeted marketing campaigns will be more likely to attract and retain business and staff We set out below some of the issues you need to consider and how you can action them and demonstrate compliance in view of the accountability principle

Is the shipping industry prepared for GDPR

News / Regulatory and compliance checklist how do your internal policies fare

24-10-2017 / Maritime, Cyber Security

Whilst transportation and infrastructure companies are no strangers to regulatory compliance, in recent years, the scope and pace of regulations have increased significantly As a result, all companies should be looking to continually update and broaden their internal compliance policies

Regulatory and compliance checklist how do your internal policies fare

News / Rory Macfarlane and John Boles discuss Cyber Security in an era of opportunity'

22-09-2017 / Cyber Security

Partner, Rory Macfarlane, John Boles, Director of Global Legal Technology Solutions at Navigant and Richard Clayton, Lloyd's List's Chief Correspondent recently delivered a podcast on Cybersecurity, hosted by Informa and sponsored by Ince Co

Rory Macfarlane and John Boles discuss Cyber Security in an era of opportunity'

News / Rory Macfarlane discusses the importance of preparation for a cyber-attack

06-09-2017 / Cyber Security

Ince Co's Hong Kong-based partner, Rory Macfarlane, explores the necessity for businesses to prepare for cyber-attacks, in Asia-mena Counsel's recent publication on Cyber Security and Data Protection

Rory Macfarlane discusses the importance of preparation for a cyber-attack