(Erichsen/Seiz, r+s 2024, S. 97)
Unfortunately, Cyber attacks on businesses are no longer uncommon, but rather part of everyday business. In 2023 alone, Finlex’s claims department recorded more than 120 new Cyber claims. Fortunately, thanks to the prompt response of policyholders and the effective assistance of the Incident Response Emergency Hotline, a large proportion of these cases end with minimal damage, keeping losses low. However, if Cyber attackers succeed in infiltrating a company’s network, spreading within the network and encrypting data, the financial consequences for the company can be immense.
Therefore, it is all the more important for affected companies in these cases to have a Cyber insurer by their side. The insurer covers the necessary costs for incident analysis and resolution, restoration of IT systems, and reimburses any resulting business interruption losses. “In the Cyber area, the claims settlement rate is fortunately very high. In more than 70% of our claims cases, the incurred damage is either easily settled by the insurer or the first aid provided by the emergency hotline can lead to a quick and cost-effective resolution of the Cyber incident without exceeding the policy deductible,” explains Elke Seiz, Claims Counsel at Finlex. It is therefore generally the exception rather than the rule for insurers to deny coverage in the event of a claim and to become involved in coverage disputes.
The objection of grossly negligent causation of the insurance event in claims practice
In cases where Cyber insurers question coverage, the argument of breach of pre-contractual disclosure obligations pursuant to § 19 et seq. of the German Insurance Contract Act (VVG) is the most commonly raised objection by insurers. This occurs particularly when forensic findings during the investigation of the Cyber incident reveal that certain IT security standards in the company were either lacking or insufficient. In these cases, insurers may also invoke § 81 VVG and raise the objection of grossly negligent – if not deliberate – causation of the insurance event.
Elke Seiz explains: “There are some insurers in the Cyber insurance market who almost routinely raise the objection of grossly negligent causation of the insured event when there are security vulnerabilities in the insured company’s IT system, and use this argument to deny coverage or significantly reduce the insurance payout. Unfortunately, it is often overlooked that strict requirements must be met for the insurer to effectively invoke the grossly negligent causation exclusion. If the objection is raised without the insurer having thoroughly examined the high requirements of the exclusion, the situation for the policyholder is more than unsatisfactory. We therefore hope that insurers will not automatically rely on grossly negligent causation of the insured event, but will instead question in detail whether the conditions of § 81 para. 2 VVG are actually met.”
Finlex legal opinion in the journal Recht und Schaden
Is it actually possible to rely on the defence of grossly negligent causation of the insured event in the context of Cyber insurance? If so, what are the requirements? And who bears the burden of proof that these requirements are met?
Dr. Sven Erichsen, Non-Executive Director at Finlex, and Elke Seiz, Claims Counsel at Finlex, have addressed these and other questions in detail in the current article in the legal journal r+s titled “Requirements of § 81 para. 2 VVG (grossly negligent causation of the insurance event) in Cyber insurance.
Read the entire article (only available in German) here.
(With permission from the publisher C.H.BECK)
On the safe side with the Finlex special concept
“The questions surrounding § 81 Para. 2 VVG only become relevant if the policy conditions do not already contain a provision in which the insurer expressly waives the right to invoke the defence of grossly negligent causation of the insured event. Our Finlex Cyber special concepts usually contain such a provision, so that Finlex’s cooperating brokers and policyholders need not fear discussions with insurers about grossly negligent causation of the insured event in the event of a claim,” reassures Dr. Sven Erichsen. This shows once again how important it is to have a well-established set of terms and conditions underlying the insurance contract. This can prevent unpleasant surprises and unnecessary discussions in the event of a claim.
If you have any questions or would like more information on this topic, our claims experts and brokers are at your disposal.
The following images are released for reprinting subject to editorial, non-commercial use.
Elke Seiz | (Press photo)
Photo credit: Finlex GmbH
Similar Posts
Finlex Financial Lines Summit Austria 2024
[vc_column width="1/1"]This was our 1st Financial Lines Summit Austria - the industry meeting of the rapidly growing cyber and financial…
New Cyber Expert Lane on the Finlex platform with innovative tender feature
Specialist broker Finlex is launching its new Cyber Expert Lane for companies of all sizes and in all sectors. The…
Smarter D&O-Versicherungsschutz auch für große Kanzleien
Erweitertes Angebot der Zurich Gemeinsam mit den Versicherern Markel, ERGO, Newline und Zurich bietet Finlex eine spezielle Unternehmens-D&O-Versicherung für Kanzleien…
Impact of the current ECJ jurisdiction on Art. 82 GDPR on Cyber insurance
In three recent judgments (C-687/21, C-340/21 and C-456/22), the ECJ has clarified its jurisdiction on the data protection responsibility of…
Personal D&O insurance on Finlex platform with three insurers
Managers now can protect themselves against liability risks targeting their personal assets. They can purchase a personal D&O insurance via…
Finlex expands its Cyber Ecosystem
To counteract the developments in Cyber crime, Cyber insurance is continuously changing and improving. Companies, however, need a symbiosis of…
Cyber insurance case with Santa
In Finlex's claims department, our experts deal with numerous cyber claims that require instant assistance. This was the case at…
The Whistleblower Protection Act and the resulting liability risks
In recent years, the protection of whistleblowers, i.e. individuals who report corporate wrongdoing, has become increasingly important. In Germany, the…
In the crosshairs of cybercriminals? 7 steps to take to defend against attacks!
Cyber attacks are a constant threat to both businesses and individuals in today's digital landscape. The good news is that…