Mr. Delvos, why should companies protect themselves these days?

Oliver Delvos: In times of constantly advancing digitalization, intelligent machines and the integration of entire work processes into the world of IoT, working in cyberspace is no longer just part of everyday private life.

For many companies, however, the relevance of the topic is derived from their different business models. What is therefore a matter of course for highly digitalized business models in online mail order or banking is only being put on the agenda for traditional companies by digitalization initiatives or the new EU General Data Protection Regulation, for example. Companies that are caught unprepared here will lose their entrepreneurial scope for action and may fall behind the competition.

The networking of all company data via IT and other networks therefore not only brings advantages, but also harbors weak points that criminals can exploit and thus cause major economic damage to companies.

What are the biggest cyber threats?

Oliver Delvos: The most common cyber incidents are still generated by malware that encrypts company data. The actual goal is usually to demand ransoms in cryptocurrencies. In particular, the increasing complexity of the supply chain and the high degree of networking within companies themselves are increasingly leading to drastic business interruptions, some of which can have serious financial consequences - not to mention reputational damage.

And that's why you recommend cyber insurance?

Oliver Delvos: At the heart of every company's considerations should be the question of how financial imponderables and catastrophe risks can be limited in the best possible way. The use of appropriate insurance cover makes it possible to transfer the risk of an organization's financial losses to the insurer's balance sheet or the insurance market.

Do manufacturing companies already use such insurance policies?

Oliver Delvos: We see a great deal of uncertainty here. Too often there is still a lack of understanding of the complexity and dynamics associated with cyber security and the use of insurance. The market in Europe is still very young by comparison - companies have only been buying cyber insurance specifically for one or two years.

How is your insurance solution structured?

Oliver Delvos: CyberEdge 3.0 is a combined product to cover internal damage, such as the recovery of data and IT systems. It also covers third-party damage and liability claims. The product portfolio consists of over 20 different insurance modules, which include cover for business interruption due to system failures, operating errors, technical problems or due to a cyber attack on external IT service providers. The solution also prepares companies for data protection incidents.

At the same time, such protection offers an additional service through the support of a specialized partner from the legal and IT sector. This includes services such as a 24-hour hotline and access to external IT forensics experts.

What parameters play a role in the cost of the insurance?

Oliver Delvos: The decisive factor is the evaluation of the measures already taken by the company and their implementation. Questions in this context may include Are there appropriate certifications? Are the incident response plans tested regularly? Are there vulnerability scans? In addition, it must be clarified how the company patches, whether regular back-ups are created and whether employees are trained. Consistent compliance with the GDPR and comprehensive firewall management are also crucial.