Product Contamination Insurance – Risks and Liabilities

Food and Production Contamination Insurance

Product Contamination Insurance offers a much broader range of cover than classic recall insurance and provides cover for a catalogue of costs.

Companies operating in the food industry can face many problems leading to significant losses due to incidents of product contamination. The topic is important, particularly for those businesses that operate outside their local market.

Exporters need additional organisational and financial support when reacting quickly to a real or potential threat to property or the life or health of consumers in various parts of the world caused by their product.
According to several studies, as many as 58% of companies have been affected by events involving food recalls.

The risk of a product recall is always present

The product recall insurance offer is designed for any client who places food on the commercial market, including both unprocessed products (e.g. meat or seafood) and highly processed finished products (e.g. cold cuts pasta, confectionery, beverages).

Due to the nature of the products sold and their storage requirements, great care should be taken by those who distribute, for example, fruit and vegetables. These products are sensitive to storage conditions. Improper storage of eggs and dairy products can even lead to health problems and illnesses for consumers. It is also crucial for manufacturers who use nuts, grains or spices in their plants to be mindful of the risks associated with possible contamination of their product by these allergenic agents.

Product withdrawal from the market can happen for multiple reasons. It could be microbiological contamination, i.e. contamination of the product with bacteria; it could also be physical or chemical contamination. Mislabeling, use of unapproved ingredients, or even failure to observe the proportions between individual ingredients may cause the claim and the need to recall the product. These circumstances lead to the product being considered non-compliant or even dangerous for consumers and a recall for the entire batches of finished products.

One example is a German company with a turnover of EUR 100 million that had to incur additional recall costs in the US and UK after listeria bacteria was found in its meat products. In the end, the loss amounted to EUR 90 million.

A bottle manufacturer from Poland received a $10 million claim related to having to recall several million bottles of beer. Only three bottles had cracks, but all of the bottles placed on the market were recalled for customer safety reasons. Insurance covered the loss.

What are the reasons for liability?

Liability reasons can be multiple. Accidental contamination means ingestion of the insured product has led or may lead to bodily harm. Examples of contamination include listeria, E. coli, salmonella or foreign bodies (e.g. plastic/metal in the product).

Malicious product contamination is the actual or likely deliberate alteration/contamination of a product. Often it is done by disgruntled employees who have access to the facility or product.

Product-related extortion happens when a person or group threatens to extort money by deliberately tampering with a product, e.g. contaminating it. Government withdrawal represents a forced or ordered withdrawal by a government or regulatory body. It often includes suspension of operations and applies whether or not contamination is present. Finally, adverse publicity is any reduction in sales caused by alleged, but not actual, contamination.

What can you expect with Product Contamination Insurance?

Product Contamination Insurance offers a much broader range of cover than classic recall insurance and provides cover for a catalogue of costs:

  • Recall replacement costs (including product value), damage-owned and third party costs and expenses.
  • Interruption of the insured’s business and loss of profit – inter alia if the facility is closed due to contamination and needs professional services to survey and disinfect the facility. Even one day of downtime generates a loss, and prolonging it increases costs.
  • Increased labour costs – the cost of staff working overtime or employing extra people to clean up the contamination/recall or disinfect the plant.
  • Reputation restoration costs refer to the cost of bringing the brand back to its pre-recall condition. Includes sales and marketing costs, like giving a discount on your next product purchase or promotion where if you buy one product and get another one for free.
  • Product recall liability damages are any damages that the insured is legally obliged to pay to its customer in the event of contamination. Damages may include loss of client profits, rehabilitation expenses or reimbursement of purchase costs.
  • Consultant costs refer to the expenses of expert consultants who will guide the insured through the crisis. A pre-incident fund is also available in the policies, and it may include reviewing crisis management plans and providing food safety training.

This article is a part of our Foodprint publication focusing on issues and risks facing the Food & Agriculture industry. Read the publication and learn more about insurance solutions and the growing importance of risk management and alternative solutions like parametric insurance.

Related Insights

Stephan Eberlein

Group Practice Leader Financial Lines

T +43 664 962 40 60

War in Ukraine and Cyber Insurance

Since the start of the war in Ukraine, fears of cyber-attacks due to parallel hybrid war are increasing. In this article we explain how the insurance industry is reacting and how the war clause affects conditions.

Is there an increased cyber threat from the war in Ukraine?

Officials like the German BSI are currently assuming an “increased threat level”. However, there is currently no immediate threat to information security in connection with the situation. However, there are already suspicions of individual cyber-attacks in connection with the war. The German wind turbine manufacturer Enercon, for example, was no longer able to carry out remote maintenance on its own systems. The reason for this was a disruption in the satellite network.

How are cyber insurers reacting?

Immediately after the outbreak of the war, our cyber specialists contacted cyber insurers in order to know their reaction. The general feedback was that the situation was being assessed and, especially in the area of critical infrastructure, that decisions will be taken with even more restrictions.

Does the war exclusion clause apply?

Cyber insurances usually have so-called war exclusion clauses, according to which damage caused by war or war-like events are not insured. The classic exclusion of war means that there is generally no coverage in the case of a targeted action by an attacking state using physical force.

If the cyber-attack is originated by so-called state sponsored hacker groups, there is no direct-targeted action by an attacking state, and therefore no war in the sense of the definition. In addition, Russia is at war with Ukraine and not with other countries, a point to be considered when insurance wordings are interpreted. Even if a cyber-attack on a company is directed by a state, this is still no official war action. It is the insurer who must provide evidence that the cyber-attack is originating from a state if he thinks that the exclusion is applicable. It will be very difficult for the insurer, however, to prove such a fact, because hackers usually do not announce that they are acting for a government.

How about the ransom payment?

Ransomware cases are currently the No. 1 cyber threat. Access to data or services is blocked and a ransom is demanded for activation. The ransom payment is generally insurable. If the blackmailers are Russian hacker groups, policyholders must expect that the insurers will not make any payment without a positive sanctions and compliance check. Due to the extensive sanctions against Russia, ransom payments to Russian hacker groups are usually subject to sanctions and insurance payments are therefore contractually and legally prohibited.


We are currently not observing cyber-attacks in connection with the war in Ukraine that would occur in Austria and Central and Eastern Europe. Cyber insurers still take responsibility for protecting this number one corporate risk. In our opinion, the traditional war exclusion would not apply in the event of an untargeted attack. Ransom payments might be subject to the sanctions and therefore forbidden.

Related Insights

Stephan Eberlein

Group Practice Leader Financial Lines

T +43 664 962 40 60

Cyber insurance comes of age

Cyber insurance, now out of its infancy, has become an essential part of risk management. Stephan Eberlein, cyber expert at GrECo Specialty, reports on how you can get tailored cyber insurance with the best conditions, even in the current market environment.

For years, GrECo has been concerned with communicating to its clients that cyber incidents can be major loss events with serious effects on the company’s success or reputation. Risk transfer via an insurance solution is an important measure for effective cyber risk management.

At the beginning, there was still a lack of risk awareness among domestic company managers, who were “still” convinced of the effectiveness of their firewalls & co. The available cyber insurances were also still in their infancy and their complexity was not easy to understand. However, there was a euphoria in the insurance industry, which provided plenty of capacity at very low premiums to generate market share.

Cyber threats: the No. 1 business risk

Since 2019 at the latest, the world has entered a new cyber era. Although the IT landscape has faced viruses, security breaches and other forms of cyber attacks for years, cyber criminals have become increasingly sophisticated. Meanwhile cyber threats now represent the top business risk (source: Allianz Risk Barometer 2020).

Due to the large number of reports of cyber attacks and their serious financial consequences, many business leaders around the world have taken out cyber insurance at favorable premium costs. In early 2020, Munich Re valued the European cyber insurance market at more than 1 billion USD.

The digitalization accelerated by the Corona crisis not only led to a further sharp increase in cyber insurance policies last year, but also to a rapid increase in claims. Insurers had to deal with ransomware attacks on a large scale. Acting as an accelerant to the negative claims figures are incidents such as SolarWinds, the latest global cyber incident that even compromised government systems. Experts estimate that the insurance industry will have to pay about 90 million USD for this incident.

Cyber insurers are now complaining that claims payments far exceed premiums. Insureds are now feeling the consequences in their policy renewals: capacities are being cut and premiums are being increased, sometimes sharply. In addition, the application process for large companies is becoming more and more burdensome. In other words, market hardening has not stopped at cyber insurance.

Key to best possible conditions

In the current market environment, a “risk-based” approach and transparency are the key to a tailored insurance solution at the best possible conditions, both for contract renewals and new contracts.

However, companies often do not have sufficient answers to questions such as: Which “crown jewels” need to be protected? What is the financial impact of an intervention on these assets? We therefore recommend assessing the cyber risk as part of a loss potential analysis in order to derive the insurance requirements.

Cyber security audits are used to determine the maturity level of IT security, because insurers now consistently demand minimum protection standards. This means that it is worth checking in advance whether the technical and organizational security measures correspond to the state of the art.

Regular awareness trainings for employees and penetration tests also have a very positive effect on risk assessment by the coverage market. On one hand, these measures serve to raise awareness, and on the other hand, they allow companies to test an emergency situation and derive important conclusions for their cyber risk management from the results.

Support in risk and insurance issues

GrECo’s experts accompany you throughout the entire phase of preliminary work up to the completion of the customized solution. They identify potential for improvement in IT security, shed light on the market environment and coverage options. They manage the marketing process, in which detailed questions often have to be answered. We are currently in a seller’s market. This means that the more transparent and better the company’s individual risk situation can be presented, the greater the insurers’ appetite for risk and the more attractive the outcome of the negotiations. So-called “underwriter meetings” also have a positive influence on the results of negotiations. In these meetings, the insurers’ risk engineers have the opportunity to ask detailed questions directly to the company’s managers. This facilitates the application process and promotes trust.

Cyber insurance, the new fire insurance

It is now undisputed that cyber insurance can effectively reduce or compensate for the financial loss in a cyber incident. The current loss events have demonstrated this clearly. Thus, it is more true than ever that cyber insurance should be a standard part of every company’s insurance portfolio. It is now considered the fire insurance of the 21st century.

However, it is important not to see them as a substitute for information security. In addition, companies should be prepared for the fact that insurers subject their risks to an individual review. The better the preparation, the more transparent the risk situation and the more comprehensible the corporate decisions in this area are, the smoother contract renewals and new contracts for cyber insurance will run.

Related Insights

Stephan Eberlein

Group Practice Leader Financial Lines

T +43 664 962 40 60

Cyber security – the fire protection of the 21st century

Companies in the 21st century face the great challenge to advance digitization. This means to increase efficiency, reduce costs and deploy new, innovative IT-products and –services that also enhance cyber security.

Various studies and statistics show a clear tendency: crime is increasingly shifting to the Internet. Just in Austria, the authorities recorded a 27.5% increase in Internet-based crimes between 2018 and 2019. According to the IT-trend-study 2020 by Capgemini, almost 63% of companies in German-speaking countries now intend to increase their IT-spending, compared to around 44% in the previous year.

With this tension, between the necessity for digital transformation and the existence-threatening cyber-attacks, cyber-security comes into play. Pursuing a sustainable security strategy is almost indispensable for companies. From the entrepreneurial point of view, cyber security is now at least as important as fire protection, for which usually each company has an understanding. For companies fire-protection is primarily a personal safety issue with official regulations that must be observed. Cyber security, on the other hand, is (only) a data protection issue from the point of view of the authorities, and this is probably the biggest difference in the perception of companies when it comes to the willingness to invest in security.

Identify weak points

The fire-hazard is evaluated by site inspections and tests of the fire-protection-equipment by experts in order to uncover weak points and identify potential for improvement. The same approach is used to manage cyber-threats.
The cyber-risk potential of the entire company is recorded and evaluated within the scope of a risk assessment, whereby organizational aspects (e.g. security policy, employee training) and technical aspects (e.g. design of the server landscape, firewalls) will be considered. This is usually done based on relevant standards such as an ISO 27001 or the COBIT basic-protection.

A further or additional welcome step is for example a penetration test. Here the digital “fire-protection-gates” of a company are tested under strict security-regulations or a “fictitious digital-fire” is set to see how the IT-security reacts in case of an emergency.

Companies also are hold regular fire drills to train employees for emergencies. In the event of a cyber-attack, unqualified employees are the greatest weakness, while trained employees are the greatest strength when it comes to averting or mitigating cyber damage. Regular cyber awareness training ensures that cyber-dangers are recognized timely and that the right measures are taken in case of an emergency.

Related Insights

Stephan Eberlein

Group Practice Leader Financial Lines

T +43 664 962 40 60

Buyer’s guide Risk-based purchasing of cyber insurance

New cyber threats are evolving almost every day along with insurance concepts.

However, it is clear that the cyber insurance policies available on the market pursue different objectives: some providers look primarily to cover damage and losses caused by a business interruption resulting from a cyber incident, while others focus on liability cover for a claim based on data breaches. Only focusing on the price of different products can lead to nasty surprises in the event of damage. In addition to the suitable scope of cover and an adequate risk premium, it is also important to choose the right sum insured for cyber insurance.

Before taking out cyber insurance, we recommend that you identify and quantify your own cyber risks within the company and define a strategy for risk management. Our buyer’s guide shows how you can use the GrECo cyber risk assessment to make the best possible decision in terms of cyber insurance.

Step I: Identification of the company cyber risk

The cyber risks of a company, such as cyber attacks, data breaches or IT errors of employees, are diverse. Companies must first of all face the challenge of identifying these risks. Here are some examples of the most significant risks for most businesses: data risk, operational risk, criminality risk and reputational risk.

The most significant cyber risks for companies

Step II. Determining the adequate sum insured

If the company’s cyber risks are identified, we recommend qualifying and quantifying these risks. Cyber risks can also be prevented or at least reduced in most cases by specific risk management, but a residual risk almost always remains. The residual risk of a potential major loss is covered by cyber insurance. Choosing the right sum insured and deductible commensurate with the risk involved can be a challenge. The evaluation approach must be chosen, based on the risk type. The evaluation of the loss potential resulting from data theft follows approaches other than the evaluation of a business interruption following a cyber attack on IT infrastructure and key systems. The insurance market currently has sufficient capacities, even if high sums insured are required as is the case with multinational companies. The specialists of GrECo Risk Engineering are on hand to help you prepare loss potential analyses for cyber risks. Read the article “Identify your risks. Don’t burn your money.”.

Step III. Evaluation of cyber resilience

Cyber resilience is a comprehensive strategy for enhancing the resistance of a company’s IT systems to cyber attacks. International standards such as ISO 27001 or the cyber security framework of the international standardisation authority NIST offer recognised models for establishing, implementing, examining and continuously improving the company’s own cyber resilience.

But it is not appropriate to introduce these standards for all companies. These certifications are often too complex and cost-intensive, especially for SMEs. However, cyber security services such as cyber penetration tests, awareness training courses and cyber scoring reports are available to help SMEs to build up their cyber resilience.
The cyber scoring report allows companies to establish their digital footprint quickly and cost-effectively. Leaked, publicly available company data (e.g. email addresses, passwords, user names, etc.) is searched for during a desktop scan of the internet and darknet. The result of the report shows the company’s digital footprint, from which it can be concluded how the employees move in cyberspace, how visible the company is for cyber attacks (reputation in cyberspace), whether recent attacks can be detected, etc.

Cyber insurance ultimately safeguards corporate assets …
The awareness of the possible loss potential is an essential requirement for the decision on an insurance solution and its characteristics. Cyber resilience safeguards material and immaterial corporate assets and supports the purchase of cyber insurance in terms of quality and price.

As every minute counts with cyber damage, cyber insurance also offers important services such as immediate telephone protection, an IT expert network, and legal and PR support in order to overcome the cyber incident in the best way possible and prevent a negative impact on the company’s reputation. After the crisis has been overcome, cyber insurance takes responsibility for first-party and third-party liability losses.

Related Insights

Stephan Eberlein

Group Practice Leader Financial Lines

T +43 664 962 40 60

Guido Teutsch

Specialist Employee Benefits

T +43 5 04 04 – 247

How hackers work…

Crisis manager Crawford & Company explains

Cyber criminality can take on a number of forms – but one aspect always remains constant: the criminal energy of the attackers!

The hackers’ motivation is to seriously disturb a company’s operations and to gain a financial advantage from the criminal act – with correspondingly negative consequences for the parties concerned. If this scenario occurs, the following are crucial: good preparation and professional and coordinated actions!

Attackers usually gain access to the IT systems of the parties concerned and the sensitive data stored on these systems. In the past, the main focus of the risk assessment was often on the associated data protection and regulatory aspects. These aspects must always be taken into account, as otherwise there is the potential for hefty fines from the supervisory authorities. The recent past shows that authorities are increasingly imposing these types of fines due to data breaches (e.g. in accordance with the GDPR).

Fraudulent emails and encryption Trojans

The usual attack vectors are still often email fraud or attacks with encryption Trojans (ransomware). Over the past 12 months, we have been monitoring the trend towards increasing targeted attacks that are often based on social engineering (e.g. by phishing emails) in conjunction with complex, smart and automated malware (such as e.g. Emotet which is deemed to be one of the most destructive and cost-intensive malwares).

The damage and losses resulting from cyber incidents may take on significant proportions in many cases. In addition to the regulatory aspects mentioned and data protection, the potentially significant damage to the company’s reputation and the financial losses of this company must also be taken into account.
The financial losses incurred are not restricted to the monetary expenditure for restoring data, IT forensic analysis and the evaluation of the attack, and to the costs of involving specialist lawyers and PR consultants. Financial losses that result from the temporary standstill of businesses or even entire corporate groups are increasingly playing a leading role in the risk assessment.

Crisis management with professional help in the event of damage

In addition to preventative measures for defence against and prevention of attacks, acting quickly and professionally in the event of damage or loss is usually the key to best overcoming cyber incidents and reducing the resulting damage and losses. In terms of crisis management, an external crisis manager may coordinate the management processes involved centrally together with the companies involved. With access to a carefully chosen and extensive network of external specialists as a result of framework agreements with IT forensic experts, lawyers and PR consultants, Crawford has the resources to offer active support in the event of damage or loss. Experts experienced in major damage and losses work at Crawford as crisis managers to offer support during the whole process, from the initial analysis and mitigation of the incident to the subsequent damage claims process as part of cyber insurance. This fully integrated crisis and claims management process represents a smooth and efficient solution for the entire cyber insurance claim.

GrECo best practice recommendations for mitigating the damage of a cyber incident

Florian Sättler is Head of Cyber Services, Germany/Austria and works as a Cyber Incident Manager at Crawford & Company (Deutschland) GmbH. The qualified industrial engineer started working as an expert in insurance claims for Crawford Global Technical Services (GTS) in 2014 and investigated various large national and international claims in the commercial and industrial sector. He has been an accredited Crawford GTS Cyber Incident Manager since 2017 and is responsible for crisis management/incident response in the event of cyber incidents, with a focus on Germany, Austria and Switzerland in cooperation with Crawford network partners.
Crawford & Company is the world’s largest listed and independent claims provider and has been helping policyholders and insurers with the solution-oriented processing of claims resulting from cyber criminality since 2014, using the Crawford CyberSolution. Crawford & Company has approximately 9,000 employees globally and has already processed well over 1,000 cyber claims.

Related Insights

Stephan Eberlein

Group Practice Leader Financial Lines

T +43 664 962 40 60

Guido Teutsch

Specialist Employee Benefits

T +43 5 04 04 – 247

Attacks every second

International trend in cyber criminality
A glance across the pond with AXA XL

The prediction that companies are affected by cyber attacks worldwide every 14 seconds was made in 2017. However, the actual intervals were a lot shorter in October 2019. Cyber criminals attempt to gain access to a company’s systems every ten seconds.

If 2019 has proven something, it’s that hackers are becoming a lot more cunning with their methods and their targets. The losses caused by cyber criminality amounted to 2 billion dollars in 2019. Losses of over 5 billion dollars are expected by 2024.

This amount could rise even further, especially as cyber criminals often change their methods of attack. It’s becoming a race against time for companies trying to stay one step ahead of the hackers; a vulnerability must be eliminated while another is already evolving.

However, the most common method used by hackers to gain access is still a well-known one. Phishing through emails or social media actually continues to be at the top of the list. Phishing attacks increased by 65% last year (2018-2019) alone.

However, the knowledge of how hackers get in – and what they target – provides valuable input when it comes to introducing preventative measures.

Let’s analyse the three main trends in cyber criminality which dominated 2019.

1. Ransomware (ransom demand)

The volume and frequency of ransom demands increased in 2019, which indicates that this is the preferred method of attack for many cyber criminals. The reason is that these attacks are easy for hackers to carry out and have a high success rate. They access the system, lock out users and demand a ransom. It’s that easy!

By all accounts, ransomware is expected to continue to grow exponentially as the preferred method used by cyber criminals. The main causes of ransomware (ransom demands) so far have been negligent employees (51%), ineffective virus protection (45%) and outdated or unpatched software or security precautions (26%). Fortunately, these causes can be tackled effectively by most companies:

  • Training employees to recognise and handle fraudulent emails or telephone calls where company information is requested may significantly reduce the risk of employee errors.
  • A clear procedure for reporting suspicious activities should be part of a company’s overall strategy for mitigating risk.
  • IT departments should also perform regular updates of all software and security applications and ensure that the current virus protection programmes are able to respond to new threats as soon as they appear.

2. Focus on public institutions

The numerous high-profile cyber attacks on government institutions help to raise awareness. In May 2019, the city of Baltimore was affected by a ransomware attack for the second time in just 14 months. The attack cost the city over 18 million dollars. The original ransom demand the city did not want to pay amounted to 76,000 dollars.

In order to prevent attacks, public institutions that only have low budgets or no budgets at all for cyber security could still use some of the aforementioned preventative strategies – training employees in how to respond correctly and report attacks, updating systems and applications on a regular basis and ensuring that their virus protection is up-to-date.

3. Biometric data

Facial recognition Scanning of fingerprints Retinal scans Current identification instruments are also a hotbed of exposure from hackers and opposing parties. A logistics company that offers business and administration services for the elderly throughout USA recently violated the Biometric Information Privacy Act (“BIPA”). The company uses a biometric time recording system that requires employees to use their fingerprints as a means of authentication instead of key fobs or identity cards. The employees must scan their fingerprint to be entered in the database. The plaintiff claimed as part of a class action that the company did not observe the BIPA in terms of recording and using fingerprints. However, in this case, an early settlement was reached and the total costs of defence plus the settlement amounted to approximately 600,000 dollars.

Companies should work transparently whenever biometric data is recorded and/or stored. Clear disclosure of the practice and obtaining written approval protect both the company and the owner of the biometric data. Companies should also state how the data is used and stored during a disclosure and consent process.

Keeping hackers at bay

Cyber risks are constantly developing in terms of volume and form. The cyber liabilities are being restructured, from ransom attacks to biometric exposures.

Regardless of whether they are ransom threats or risks caused by the use of biometrics, your company should check systems and guidelines to ensure that system availability and compliance with data protection laws are sufficient. You should also know how your company will respond and what responsibility you assume in the event of a violation or a breach of data protection requirements. AXA AL offers the best possible insurance solutions for these risks for medium-sized to large multinational companies worldwide.

Mag. Verena Schmidt
Underwriter Austria & Central Eastern Europe
International Financial Lines
AXA XL, a division of AXA
T +43 1 50 60 2109

Dennis Bertram
Underwriter Cyber and
International Financial Lines
AXA XL, a division of AXA
T +49 221 16 887 122

Related Insights

Stephan Eberlein

Group Practice Leader Financial Lines

T +43 664 962 40 60

Günter Hubmann

Deputy Competence Center
Manager Liability

T +43 5 0404 219