(Erichsen/Seiz, r+s 2024, S. 97)
Unfortunately, Cyber attacks on businesses are no longer uncommon, but rather part of everyday business. In 2023 alone, Finlex’s claims department recorded more than 120 new Cyber claims. Fortunately, thanks to the prompt response of policyholders and the effective assistance of the Incident Response Emergency Hotline, a large proportion of these cases end with minimal damage, keeping losses low. However, if Cyber attackers succeed in infiltrating a company’s network, spreading within the network and encrypting data, the financial consequences for the company can be immense.
Therefore, it is all the more important for affected companies in these cases to have a Cyber insurer by their side. The insurer covers the necessary costs for incident analysis and resolution, restoration of IT systems, and reimburses any resulting business interruption losses. “In the Cyber area, the claims settlement rate is fortunately very high. In more than 70% of our claims cases, the incurred damage is either easily settled by the insurer or the first aid provided by the emergency hotline can lead to a quick and cost-effective resolution of the Cyber incident without exceeding the policy deductible,” explains Elke Seiz, Claims Counsel at Finlex. It is therefore generally the exception rather than the rule for insurers to deny coverage in the event of a claim and to become involved in coverage disputes.
The objection of grossly negligent causation of the insurance event in claims practice
In cases where Cyber insurers question coverage, the argument of breach of pre-contractual disclosure obligations pursuant to § 19 et seq. of the German Insurance Contract Act (VVG) is the most commonly raised objection by insurers. This occurs particularly when forensic findings during the investigation of the Cyber incident reveal that certain IT security standards in the company were either lacking or insufficient. In these cases, insurers may also invoke § 81 VVG and raise the objection of grossly negligent – if not deliberate – causation of the insurance event.
Elke Seiz explains: “There are some insurers in the Cyber insurance market who almost routinely raise the objection of grossly negligent causation of the insured event when there are security vulnerabilities in the insured company’s IT system, and use this argument to deny coverage or significantly reduce the insurance payout. Unfortunately, it is often overlooked that strict requirements must be met for the insurer to effectively invoke the grossly negligent causation exclusion. If the objection is raised without the insurer having thoroughly examined the high requirements of the exclusion, the situation for the policyholder is more than unsatisfactory. We therefore hope that insurers will not automatically rely on grossly negligent causation of the insured event, but will instead question in detail whether the conditions of § 81 para. 2 VVG are actually met.”
Finlex legal opinion in the journal Recht und Schaden
Is it actually possible to rely on the defence of grossly negligent causation of the insured event in the context of Cyber insurance? If so, what are the requirements? And who bears the burden of proof that these requirements are met?
Dr. Sven Erichsen, Non-Executive Director at Finlex, and Elke Seiz, Claims Counsel at Finlex, have addressed these and other questions in detail in the current article in the legal journal r+s titled “Requirements of § 81 para. 2 VVG (grossly negligent causation of the insurance event) in Cyber insurance.
Read the entire article (only available in German) here.
(With permission from the publisher C.H.BECK)
On the safe side with the Finlex special concept
“The questions surrounding § 81 Para. 2 VVG only become relevant if the policy conditions do not already contain a provision in which the insurer expressly waives the right to invoke the defence of grossly negligent causation of the insured event. Our Finlex Cyber special concepts usually contain such a provision, so that Finlex’s cooperating brokers and policyholders need not fear discussions with insurers about grossly negligent causation of the insured event in the event of a claim,” reassures Dr. Sven Erichsen. This shows once again how important it is to have a well-established set of terms and conditions underlying the insurance contract. This can prevent unpleasant surprises and unnecessary discussions in the event of a claim.
If you have any questions or would like more information on this topic, our claims experts and brokers are at your disposal.
The following images are released for reprinting subject to editorial, non-commercial use.
Elke Seiz | (Press photo)
Photo credit: Finlex GmbH
Similar Posts
Finlex erweitert sein Experten-Führungsteam
[vc_column width="1/1"]Finlex, der führende digitale Wholesale-Spezialmakler für Financial Lines und Cyber-Versicherungen, stärkt sein Experten-Führungsteam durch zwei Neuzugänge: Dr. Stephanie Belei…
Financial Lines Summit Austria: Branchentreffen bringt neue Erkenntnisse
[vc_column width="1/1"]Zum ersten Financial Lines Summit Austria lud Finlex Ende Juni in das k47.wien ein. Auf dem einzigartigen und interaktiven…
Cyber-Risiken – die Evolution der Cyber-Bedrohungslandschaft und ihre Auswirkungen auf den Cyber-Versicherungsmarkt
[vc_column width="1/1"]Die Cyber-Bedrohungslandschaft entwickelt sich kontinuierlich weiter. Cyber-Angriffe werden zunehmend gefährlicher, die Techniken, mit denen Angreifer in Systeme eindringen, immer…
GDV-Statistik zur D&O-Versicherung – Finlex bestätigt Schadentrends
[vc_column width="1/1"]Nach der neuesten GDV-Statistik stiegen die Anzahl der Schäden sowie die Entschädigungszahlungen der gemeldeten D&O-Schäden bereits das zweite Jahr…
NIS Directive – A liability trap for managing directors?
The NIS Directive has been in force since January 16, 2023 and it defines EU-wide minimum standards for the protection…
Finlex brings Matthias Lange on board: New Head of Sales & Key Account Management
[vc_column width="1/1"]Finlex, the leading technology-based specialist for Cyber and Financial Lines insurance, has appointed Matthias Lange as its new Head…
Finlex Market Report 2024
Auch dieses Jahr analysiert Finlex die Marktsituation der D&O- und Cyber-Versicherung. Der Market Report 2024 bietet dank der Kooperation von…
Crowdstrike-Vorfall – Erhalten betroffene Unternehmen eine Entschädigung aus ihrer Cyber-Versicherung?
Ein fehlerhaftes Update des US-amerikanischen IT- Sicherheitsdienstleisters Crowdstrike hat am Freitag zu weitreichenden Störungen geführt. Experten sprechen vom größten, nicht…
Weshalb ein stabiler D&O-Markt unwahrscheinlich ist
In den letzten Jahren wurde die deutsche Wirtschaft durch die Covid-19 Pandemie, geopolitische Krisen sowie hohe Inflation geprägt. Sowohl wirtschaftliche…
Berkley Deutschland – einer der führenden Anbieter von Spezialversicherungen und Risikolösungen für den Mittelstand mit umfassendem Produktangebot in Deutschland und Österreich
Im Interview sprechen Alexa von Brevern, Manager Financial Lines und Manuel Metz, Manager Cyber Europe darüber, warum Versicherungsschutz insbesondere für…