Insurance Against Terrorism & Political Violence


9/11, the Madrid train bombings, the attack at the Manchester Arena or the London Tube bombings: Modern-day terrorism has many faces and continues to evolve. Despite that, it was only after Russia invaded Ukraine that the demand for insurance against political risks and violence significantly increased.

Terrorist attacks, strikes, violent protests against social evils and other political unrest can cost lives and directly or indirectly impact businesses as well. While insurance policies cannot prevent human suffering, they can help companies offset material damages, facilitate reconstruction, and get back to business as usual. An insurance policy reduces financial losses incurred due to business interruptions and minimizes rental losses or even a loss of reputation.
 
However, the insurance possibilities against terrorism and political violence have not yet reached companies in Europe. These insurances are still regarded as providing niche coverage only, even though banks and investors increasingly ask for this coverage. Despite major international events, such as 9/11 or the terrorist attacks in large European cities, neither the demand nor prices have increased on international markets for protection against political risks. 
 
This changed gradually only a few days after Russian troops invaded Ukraine. The demand for Political Risk & Violence Coverage has increased. Companies now want to be on the safe side and are thus willing to accept higher costs for insurance premiums. At the same time, the war has caused the coverage market to shrink. The good news is: It has remained largely intact. 
 

Possible Risk Exposure

Critical infrastructure such as energy and communication are typical high-risk targets for terrorist attacks. Similarly, industrial plants, commercial properties, tourism or health facilities have also been targeted. With globally connected national economies, their supply and value chains as well as background infrastructure, the scope of possible damage has changed over the past decades. Unlike earlier on, the potential for major financial losses without material damage to companies has spiked. A “Non-Physical Damage Business Interruption” (NPDBI) protects against financial losses due to terrorist attacks that happen in the vicinity of the company, yet cause no material damage at the company’s location.

Additionally, there is a risk of being held accountable and obligated to pay compensation for damages if safety and security measures are found inadequate for protecting the lives and property of others, such as employees. Special terrorism liability insurances safeguard companies against such potential liabilities.

Risk Transfer

Terrorism insurances are so-called “named perils”, providing coverage against known and named dangers. This also means that the insurance only provides coverage for the contractually agreed dangers or events that protect documented financial assets and gross profits. A risk analysis is thus a prerequisite to determine the coverage that best meets the company’s potential risks. Possible threat scenarios, their impact and potential for damage must be closely looked at.

The aim is to adequately safeguard the client against any impact in the event of damages. Our GrECo risk specialists develop tailored insurance solutions for their clients. In doing so, their task in providing such special concepts for coverage is to also define the limits of other, more conventional (all risk) material damage and business interruption insurances and avoid overlaps or insurable coverage gaps.

The Devil’s in the Details

It is impossible to insure clients against all potential risks or events. A world war is the major exclusion of insurance coverage, meaning that if war breaks out between at least two of the five global powers – USA, Russia, China, UK and France – insurance coverage shall not apply. Cyber terrorism is also excluded from this coverage.

The construction sector and construction project managers should pay attention! Normally, construction policies do not protect against terrorism and political violence. Insurers do provide coverage against strikes, riots and civil commotion (SRCC clause) with sub-limits. This type of coverage is usually subject to a special right of termination on the part of the insurer, a right that may be exercised at any time.

Zviadi Vardosanidze

Group Practice Leader Energy, Power and Mining

T +43 664 962 39 04


Crime Insurance: Insure Your Food & Agriculture Company

Secrets about Crime Insurance

Crime Insurance provides coverage for events not covered by most property or liability insurance policies.

Different Crime Insurance Clauses

There are several ways that businesses could be exposed to crime, both from within the organisation as a result of employee infidelity and from third parties. Crime Insurance provides coverage for events not covered by most property or liability insurance policies:

  • Clause 1 – Employee Infidelity: This clause protects the company from dishonest and fraudulent acts of the employees. This is the major source of all crimes committed against companies worldwide. The clause is very broad and covers almost any crime committed by an employee, whether alone or in collusion with others (both other employees and third parties such as crime gangs) which causes a loss to the company.
  •  Clauses 2 & 3 – Premises and Transit: This is the physical and stock cover for the company and will cover burglary and armed robbery by third parties. It can cover everything from machinery to stock to cash on-premises and has the benefit of covering valuables when in transit as well. Whilst not as effective as a cargo policy, this can provide contingent cover where a third party has a loss, and their insurance does not act.
  • Clauses 4-6 – Forgery and Counterfeiting: These clauses cover the forgery of documents holding a real value and are relied upon by the client for processing cash settlements or disbursement of cash.
  • Clause 7 – Damage due to any of the above clauses: If there is damage to any property as a result of a theft or robbery, then this can be added to the claim. A typical loss here is the destruction of a safe.
  • Additional extension on Computer Crime and Telephonic Crime: This covers the loss to the company by use of a computer or telephone and can have a very broad scope. It is in effect the cover for robbery or theft using a computer rather than a weapon or forced entry. These types of loss are rising due to the less severe penalties for being caught and the fact that they can be carried out remotely, thus lessening the chance of being caught. 

Nature of the Product to be Stolen

As with most businesses, there is a specific risk from the behaviour of employees and some of the causes are listed below. With Agribusiness there is the added threat that they deal in the most stolen goods worldwide accepting cash. There is a simple way of calculating the desirability of products, and food tends to meet all of the definitions to a high degree.

When looking at the product we must consider three themes and if the answer is yes to all three then it is an at-risk product:

  • Desirability – Do people want/need the product?
  • Portability – Is it easy to steal, especially in large volumes?
  • Saleability – Is it easy to sell, would it attract attention to the seller doing so?

For example, in the poultry business we can see the following:

  • Desirability – Chicken is the most widely bought meat worldwide and so we can see that there is a demand for chicken products. 
  • Portability – Due to the nature and volume of sales it is surprisingly easy to steal poultry. A faked invoice or paying off the warehousemen or guards on the gates of the processing plant will allow a thief to drive right up to the plant and collect their haul.  
  • Saleability – People want poultry products, and whilst cheap poultry will raise a few eyebrows, it is unlikely that people will turn down the opportunity for cheap food. Selling on a market stall at a food market or arranging with a retailer to buy the products will make this easier, and the police are less likely to question the sale of chicken in this environment. 

So we can see that the products are at real risk: employees working hand in hand with outside groups can cause large losses very quickly here. In the agriculture sector, we have seen numerous large losses worldwide, usually in basic foods such as milk, meat, bread and cereals rather than finished products.

Typical Crime Losses for Food & Agriculture

There are multiple different potential crime losses for Food & Agriculture companies.

  • Addiction Issues – These individuals do not start out wanting to commit fraud but rapidly turn into a problem for the employer. Typically, they will have a drug, alcohol or gambling issue and will ‘borrow’ money to rectify an immediate situation, always intending to pay the money back. Usually, the problem spirals out of control and they start taking more and more to fix the problem until they finally realise that they cannot do it and flee. Whilst these are not the largest losses, they can reach some big figures, and 1 million EUR is not uncommon, although figures in the hundreds of thousands are more likely.
  • Blackmail – A member of staff is found in a compromising situation and criminals find out. They use this to force the employee to carry out some tasks to either enable them to access the employer (electronically or physically) or to simply force them to steal themselves. It can be anyone in a company, and losses can be from around 50,000 EUR for a straightforward taking of cash from the safe to millions of Euros from granting access to the computer systems. We see everything from simple ideas such as leaving a door open to targeted blackmail of employees who hold passcodes for payments etc. in this example.
  • Invoice Fraud  – A member of staff who has control of tendering or contracts will conspire with a supplier to inflate invoices. Usually, they will split the difference between the ‘real’ price and the stated price. This will mean that either poor quality services are supplied or overcharged services with reasonable quality are given. This can very quickly add up, and if the staff member is allowed a level of autonomy in this area it can be hard to detect as they will often receive fake quotes to cover the fraud.
  • Delivery Fraud – This often works hand in hand with either blackmail or general corruption. A gang will find a suitable member of staff who has access to warehouses or other storage facilities and find a way to get them to aid them in their plans. This can be through a simple cut of the profits (Improper Financial Gain) or blackmail. Either way, the staff member will grant them access to the facility through either forged paperwork or being there themselves to open the door. Whole lorry loads of goods can be taken, and losses can mount up quickly. The loss is discovered only when the goods are not paid for, which can be some time down the line. Achieving security against this can be difficult as the papers to release the goods will be official and unlikely to be queried at the gate.
  • Bookkeeping Fraud – A simple fraud that involves transfers of money, payments and general accounts of the client. No real sophistication to it – just plain theft. 
  • Social Engineering / Fake Presidents – These are two differing frauds but have the same method at their heart. Both rely on a level of trust either built up over time or gained by electronic means. 

    Social Engineering can take the form of regular phone calls building up a rapport, targeted emails (finding out the hobbies of a member of staff and then sending them links – Spear Phishing), or even working on an out-of-work friendship which then turns into a request for help. All of these come under the Social Engineering banner. Once the trust is established, there will be a request to transfer funds, either for a legitimate-looking reason or for help to the person conducting the fraud. Once the money is transferred, the contact usually ceases immediately.
     Fake Presidents is where a call is made seemingly from the CEO or CFO, usually on a Friday afternoon, requesting an urgent fund transfer. Usually, the reason given is that if the transfer does not go ahead, a deal will fall through, harming the company. The call will seem to come from the senior staff members but will be from the criminals. They can hack phone systems to present the phone number of the person they are impersonating, use email addresses which are one letter different from the person’s etc. A less sophisticated version is hijacking emails and, at the last minute, changing the bank details in a deal to the fraudster’s account.

Conclusion about Crime Insurance in Food & Agriculture

As we can see from the cases described above, “non-tangible damage” (financial) losses, caused by infidelity of employees or third-party criminals, can leave quite a significant gap in the balance sheet of any Food & Agriculture enterprise. On the other hand, such losses are not covered by a standard property damage/business interruption insurance contract. Additional commercial crime insurance policies are recommended. As a rule, the cost of an indemnity limit of 1 million EUR starts from 50,000 EUR, with the same amount of deductible.

Brian Alexander

Group Practice Leader Financial Institutions

T +43 5 04 04 342

Maksym Shylov

Group Practice Leader
Food & Agriculture

T +48 22 39 33 211

Property damage caused by war on land – aspects regarding insurance cover

It is a principle of insurance that due to the potential accumulation of claims there is a general exclusion of damage caused to a risk (buildings, factories, their technical equipment, installations, stocks and other contents) in connection with war and civil war.

In this article and in upcoming postings we will focus on the question of what acts of war, as we currently see them in Ukraine, mean for the existence of insurance coverage and for payments of damages by the insurer. We start with the most important part, considering the values involved: property insurance and property business interruption (BI).

Exclusion and termination of cover

It is a principle of insurance that due to the potential accumulation of claims there is a general exclusion of damage caused to a risk (buildings, factories, their technical equipment, installations, stocks and other contents) in connection with war and civil war. The standard definition of this exclusion is “exclusion of damage caused as direct or indirect consequence of any kind of military action, with or without declaration of war, and all violent actions by states; further caused by civil commotion, uproar, rebellion, revolution, civil war including all military or police or other state measures in connection therewith.”

Standard European insurance wordings do not automatically terminate insurance contracts if the situation described by the exclusion quoted occurs. Quite on the contrary, they state clearly that cover remains in existence, but the insured has to prove that a fire that occurred during wartime does not have its origin in war or any military action.

There are insurance contracts, however, that terminate cover at the outbreak of war, so it is important to look at the standard or written wordings applicable to each individual insurance contract.

Most reinsurance treaties still have the World War clause, saying that the treaty ends in the case of a war between the nations United States, Russia, United Kingdom, France and China. So, the extension of the current conflict into a war between Russia and NATO would most probably trigger this clause. But we are not there, and we can only hope that we never will.

Grey area sabotage, arson and terrorism

War, warlike action and the breakdown of public order may lead to loss events such as damage due to sabotage, arson committed by persons inside and outside a company, and acts of terrorism. Here we enter a certain grey area, as far as insurance coverage is concerned. Each claim will obviously be analyzed very carefully to determine whether it is a case of indirect consequence of the war, as defined above, or whether the property damage occurred independently from the conflict situation.

Another point to be considered is that the insured must in fact own the premises insured at the time when the loss occurs. Any change in this ownership, such as seizure or requisition – not insured in property insurance, as this is a political risk – but also abandonment of or being chased from premises will most probably suspend coverage. If the ownership is still existing as a title, but no employees are left on the premises, this means that the control of the risk has been given up and the usual obligations of the insured cannot be fulfilled any longer, which causes serious doubts regarding the validity of cover.

Non-Property Damage Business Interruption

These principles in respect of property insurance apply equally to business interruption. Even if a Non-Property Damage Business Interruption endorsement has been agreed, this follows the basic and general conditions of BI. So, in the case of an enterprise standstill due to a lack of energy supply, cut communication lines, disruption of the supply chain, lack of workforce etc., there will always be an evaluation of whether these events are due to a situation of war or not.

Although the margin for negotiation is rather small for a broker in this context, GrECo will do the same as in every other loss event, that is to support the interests of our clients in order to reach a fair and just evaluation of the insured’s claim and to obtain wherever possible a correct loss payment from the insurers.

Andreas Krebs

Head of Insurance Mediation Services

T +43 5 0404 229

Green Responsibilities on the Rise


The upcoming renewals will continue to be driven by a highly competitive insurance market under pressure. Comprehensive risk analyses combined with a presentation of the risks will be necessary for a successful renewal.

It is common knowledge that the insurance market is navigating through a difficult period. A lot has been said about increasing premiums and decreasing limits. However, little attention has been paid to the changing risk landscape and the impact that these changes could have on insurance contracts.
 
“Bricks are turned into batteries”, “WE CARE. For PEOPLE the PLANET and the FUTURE”, “Adding the Extra to the Ordinary” are examples of corporate vision statements and headlines of articles that are published on the internet, in print media, company reports and on websites.
 
Among other things, these statements mirror the ability of innovation and sustainability and offer a glimpse into the future development of companies. At first glance these statements have absolutely nothing to do with changes in the risk landscape. Bricks have been used as a building material for thousands of years, sustainability is an age-old principle in many business sectors, and machine-driven products such as elevators have been produced and serviced for decades.

ESG efforts change liabilities

Looking deeper, however, it quickly becomes clear that these statements also contain significant changes in risks and show similarities. A brick that is not only used as a building material but also provides the storage space for electricity represents at least another, if not higher, product liability risk.
 
Less obvious is the fact that companies’ sustainability statements may result in new liabilities. ESG is a voluntary contribution by businesses to sustainable development that has been increasingly codified in laws. A violation therefore no longer remains without sanctions but comes with enormous penalties and might lead to claims for damages.
 
For example: In Italy, ENI was sentenced to a fine of 5 million EUR for describing a diesel product as “green” and thus deceiving consumers. In the Netherlands, a ruling by a civil court required Shell to change its guidelines and requirements to ensure that the Shell Group’s CO2 emissions in 2030 would be 45% lower than in 2019.
 
ENI’s “green” diesel was probably more expensive than “normal” diesel. Consumers could claim for damages because they had trusted the environmental friendliness of the green diesel, refuelled their cars with it, and then sued ENI for the additional expenses they had. Looking at the judgement against Shell, a similar situation might arise. If Shell does not achieve the target set out in the court decision by 2030, and if, for example, harvests fail due to environmental influences that can be traced back to climate change, farmers affected by crop losses might sue Shell for damages as a contributor to the climate change.
 
Not only product changes, but also changes in the company’s offerings may lead to new risks. The statement “Adding the Extra to the Ordinary” is just one of many examples that clearly shows that more and more manufacturing companies are evolving into system providers. Over and above typical maintenance services, companies have added a wide range of services to their portfolios, including software solutions or product trainings. Manufacturers therefore not only have to consider production risks but also risks associated with the provision of services.
 

EU Interests: Consumer Protection

These developments are accompanied by the EU paying more and more attention to consumer protection. From today’s perspective, the exemplary claims for damages against ENI and Shell are rather unlikely in most European legal systems, since class actions, common in the USA, are not possible in most European countries. However, the recent diesel scandal has shown that such claims could in principle also be raised in Europe.
 
Unlike in the USA though, far more stringent legal conditions would apply. This current lack of class actions can be seen as a kind of protection of European companies against the risk of extremely high consumer compensation claims.
 
This protective cloak might soon be lifted. In November 2020, the European Parliament passed the “Directive on representative actions for the protection of the collective interests of consumers” to protect collective consumer interests from breaches by companies under EU law. The directive is to be implemented in national legal systems by 31 December 2022. This new guideline will not only lead to changes in the basic liability of companies but will greatly increase their risk of being faced with extremely high compensation claims.
 

“We are well insured in any case”

This statement is often heard in connection with claims. In view of the changing risk landscape, however, the question arises whether the existing insurance solutions also offer the expected and necessary protection. Claims for damages from services generally comprise financial losses that are not derived from personal injury or damage to property (so-called “pure financial losses”). A violation of ESG rules can also result in property damage or personal injury, but the greater number of possible damages will be associated with pure financial losses.
 
In contrast, covers from traditional business and product liability insurances are specifically geared towards property damage and personal injury. Including pure financial losses is only possible to a limited extent. Even if so-called “open pure financial losses” are included in a liability contract, the limits agreed for this extension will not be enough to cover the sums claimed in the event of a violation of ESG rules.

Corporate financial loss coverage

D&O insurance usually offers managers protection against ESG claims. But what about the companies, are they adequately protected? In most European legal systems, third parties cannot directly claim damages from managers, only from companies. Should they be found liable for that damage, they can take recourse to managers for compensation payments. The insured event according to D&O is only triggered when the company claims compensation from the manager. To insure this recourse, companies bear the burden of enormous advance payments when it comes to ESG claims. Whether the D&O insurer pays the damage at the end of the day or whether the D&O insurer’s services are limited to defending the manager depends on each individual case and cannot be foreseen. Adequate insurance protection for the company itself can only be built up by means of appropriate financial loss coverage. Currently available insurance products, like the employer’s practice liability, provide only partial protection against ESG risks. Notwithstanding that, the insurance market is increasingly under pressure to insure companies against ESG losses in their entirety. To better address this need, insurers will have to come up with appropriate product innovations.
 
Already, the market is reacting to the changing risks of manufacturing companies that are evolving into service-led businesses. Various insurers offer products that specifically address the risk of pure financial losses for companies offering software solutions in addition to their products.
 
The upcoming renewals will continue to be driven by a highly competitive insurance market under pressure. Comprehensive risk analyses combined with a presentation of the risks will be necessary for a successful renewal. The related work should be used to check the extent to which individual companies’ risks have changed and whether existing insurance policies still offer sufficient protection.

Thomas Herndlhofer

Practice Leader Liability

T +43 664 822 20 59


Buyer’s guide: Risk-based purchasing of cyber insurance

New cyber threats are evolving almost every day along with insurance concepts.

However, it is clear that the cyber insurance policies available on the market pursue different objectives: some providers look primarily to cover damage and losses caused by a business interruption resulting from a cyber incident, while others focus on liability cover for a claim based on data breaches. Only focusing on the price of different products can lead to nasty surprises in the event of damage. In addition to the suitable scope of cover and an adequate risk premium, it is also important to choose the right sum insured for cyber insurance.

Before taking out cyber insurance, we recommend that you identify and quantify your own cyber risks within the company and define a strategy for risk management. Our buyer’s guide shows how you can use the GrECo cyber risk assessment to make the best possible decision in terms of cyber insurance.

Step I: Identification of the company cyber risk

The cyber risks of a company, such as cyber attacks, data breaches or IT errors of employees, are diverse. Companies must first of all face the challenge of identifying these risks. Here are some examples of the most significant risks for most businesses: data risk, operational risk, criminality risk and reputational risk.

The most significant cyber risks for companies

Step II: Determining the adequate sum insured

If the company’s cyber risks are identified, we recommend qualifying and quantifying these risks. Cyber risks can also be prevented or at least reduced in most cases by specific risk management, but a residual risk almost always remains. The residual risk of a potential major loss is covered by cyber insurance. Choosing the right sum insured and deductible commensurate with the risk involved can be a challenge. The evaluation approach must be chosen, based on the risk type. The evaluation of the loss potential resulting from data theft follows approaches other than the evaluation of a business interruption following a cyber attack on IT infrastructure and key systems. The insurance market currently has sufficient capacities, even if high sums insured are required as is the case with multinational companies. The specialists of GrECo Risk Engineering are on hand to help you prepare loss potential analyses for cyber risks. Read the article “Identify your risks. Don’t burn your money.”.

Step III: Evaluation of cyber resilience

Cyber resilience is a comprehensive strategy for enhancing the resistance of a company’s IT systems to cyber attacks. International standards such as ISO 27001 or the cyber security framework of the international standardisation authority NIST offer recognised models for establishing, implementing, examining and continuously improving the company’s own cyber resilience.

But it is not appropriate to introduce these standards for all companies. These certifications are often too complex and cost-intensive, especially for SMEs. However, cyber security services such as cyber penetration tests, awareness training courses and cyber scoring reports are available to help SMEs build up their cyber resilience.

The cyber scoring report allows companies to establish their digital footprint quickly and cost-effectively. A desktop scan of the internet and darknet searches for leaked, publicly available company data (e.g. email addresses, passwords, user names, etc.). The result of the report shows the company’s digital footprint, from which it can be concluded how the employees move in cyberspace, how visible the company is for cyber attacks (reputation in cyberspace), whether recent attacks can be detected, etc.

Cyber insurance ultimately safeguards corporate assets …
The awareness of the possible loss potential is an essential requirement for the decision on an insurance solution and its characteristics. Cyber resilience safeguards material and immaterial corporate assets and supports the purchase of cyber insurance in terms of quality and price.

As every minute counts with cyber damage, cyber insurance also offers important services such as immediate telephone protection, an IT expert network, and legal and PR support in order to overcome the cyber incident in the best way possible and prevent a negative impact on the company’s reputation. After the crisis has been overcome, cyber insurance takes responsibility for first-party and third-party liability losses.

Stephan Eberlein

Group Practice Leader Financial Lines

T +43 664 962 40 60

Guido Teutsch

Specialist Employee Benefits

T +43 5 04 04 – 247

How hackers work…

Crisis manager Crawford & Company explains

Cyber criminality can take on a number of forms – but one aspect always remains constant: the criminal energy of the attackers!

The hackers’ motivation is to seriously disturb a company’s operations and to gain a financial advantage from the criminal act – with correspondingly negative consequences for the parties concerned. If this scenario occurs, the following are crucial: good preparation and professional and coordinated actions!

Attackers usually gain access to the IT systems of the parties concerned and the sensitive data stored on these systems. In the past, the main focus of the risk assessment was often on the associated data protection and regulatory aspects. These aspects must always be taken into account, as otherwise there is the potential for hefty fines from the supervisory authorities. The recent past shows that authorities are increasingly imposing these types of fines due to data breaches (e.g. in accordance with the GDPR).

Fraudulent emails and encryption Trojans

The usual attack vectors are still often email fraud or attacks with encryption Trojans (ransomware). Over the past 12 months, we have been monitoring a trend towards more targeted attacks that are often based on social engineering (e.g. phishing emails) in conjunction with complex, smart and automated malware (such as Emotet, which is deemed to be one of the most destructive and cost-intensive types of malware).

The damage and losses resulting from cyber incidents may take on significant proportions in many cases. In addition to the regulatory aspects mentioned and data protection, the potentially significant damage to the company’s reputation and the financial losses of this company must also be taken into account.
The financial losses incurred are not restricted to the monetary expenditure for restoring data, IT forensic analysis and the evaluation of the attack, and to the costs of involving specialist lawyers and PR consultants. Financial losses that result from the temporary standstill of businesses or even entire corporate groups are increasingly playing a leading role in the risk assessment.

Crisis management with professional help in the event of damage

In addition to preventative measures for defence against and prevention of attacks, acting quickly and professionally in the event of damage or loss is usually the key to best overcoming cyber incidents and reducing the resulting damage and losses. In terms of crisis management, an external crisis manager may coordinate the management processes involved centrally together with the companies involved. With access to a carefully chosen and extensive network of external specialists as a result of framework agreements with IT forensic experts, lawyers and PR consultants, Crawford has the resources to offer active support in the event of damage or loss. Experts experienced in major damage and losses work at Crawford as crisis managers to offer support during the whole process, from the initial analysis and mitigation of the incident to the subsequent damage claims process as part of cyber insurance. This fully integrated crisis and claims management process represents a smooth and efficient solution for the entire cyber insurance claim.

GrECo best practice recommendations for mitigating the damage of a cyber incident

Florian Sättler is Head of Cyber Services, Germany/Austria and works as a Cyber Incident Manager at Crawford & Company (Deutschland) GmbH. The qualified industrial engineer started working as an expert in insurance claims for Crawford Global Technical Services (GTS) in 2014 and investigated various large national and international claims in the commercial and industrial sector. He has been an accredited Crawford GTS Cyber Incident Manager since 2017 and is responsible for crisis management/incident response in the event of cyber incidents, with a focus on Germany, Austria and Switzerland in cooperation with Crawford network partners.
Crawford & Company is the world’s largest listed and independent claims provider and has been helping policyholders and insurers with the solution-oriented processing of claims resulting from cyber criminality since 2014, using the Crawford CyberSolution. Crawford & Company has approximately 9,000 employees globally and has already processed well over 1,000 cyber claims.


Attacks every second

International trend in cyber criminality
A glance across the pond with AXA XL

The prediction that companies are affected by cyber attacks worldwide every 14 seconds was made in 2017. However, the actual intervals were a lot shorter in October 2019. Cyber criminals attempt to gain access to a company’s systems every ten seconds.

If 2019 has proven something, it’s that hackers are becoming a lot more cunning with their methods and their targets. The losses caused by cyber criminality amounted to 2 billion dollars in 2019. Losses of over 5 billion dollars are expected by 2024.

This amount could rise even further, especially as cyber criminals often change their methods of attack. It’s becoming a race against time for companies trying to stay one step ahead of the hackers; a vulnerability must be eliminated while another is already evolving.

However, the most common method used by hackers to gain access is still a well-known one. Phishing through emails or social media actually continues to be at the top of the list. Phishing attacks increased by 65% last year (2018-2019) alone.

However, the knowledge of how hackers get in – and what they target – provides valuable input when it comes to introducing preventative measures.

Let’s analyse the three main trends in cyber criminality which dominated 2019.

1. Ransomware (ransom demand)

The volume and frequency of ransom demands increased in 2019, which indicates that this is the preferred method of attack for many cyber criminals. The reason is that these attacks are easy for hackers to carry out and have a high success rate. They access the system, lock out users and demand a ransom. It’s that easy!

By all accounts, ransomware is expected to continue to grow exponentially as the preferred method used by cyber criminals. The main causes of ransomware (ransom demands) so far have been negligent employees (51%), ineffective virus protection (45%) and outdated or unpatched software or security precautions (26%). Fortunately, these causes can be tackled effectively by most companies:

  • Training employees to recognise and handle fraudulent emails or telephone calls where company information is requested may significantly reduce the risk of employee errors.
  • A clear procedure for reporting suspicious activities should be part of a company’s overall strategy for mitigating risk.
  • IT departments should also perform regular updates of all software and security applications and ensure that the current virus protection programmes are able to respond to new threats as soon as they appear.

2. Focus on public institutions

The numerous high-profile cyber attacks on government institutions help to raise awareness. In May 2019, the city of Baltimore was affected by a ransomware attack for the second time in just 14 months. The attack cost the city over 18 million dollars. The original ransom demand the city did not want to pay amounted to 76,000 dollars.

In order to prevent attacks, public institutions that only have low budgets or no budgets at all for cyber security could still use some of the aforementioned preventative strategies – training employees in how to respond correctly and report attacks, updating systems and applications on a regular basis and ensuring that their virus protection is up-to-date.

3. Biometric data

Facial recognition, scanning of fingerprints, retinal scans: current identification instruments are also a hotbed of exposure from hackers and opposing parties. A logistics company that offers business and administration services for the elderly throughout the USA recently violated the Biometric Information Privacy Act (“BIPA”). The company uses a biometric time recording system that requires employees to use their fingerprints as a means of authentication instead of key fobs or identity cards. The employees must scan their fingerprint to be entered in the database. The plaintiff claimed as part of a class action that the company did not observe the BIPA in terms of recording and using fingerprints. However, in this case, an early settlement was reached and the total costs of defence plus the settlement amounted to approximately 600,000 dollars.

Companies should work transparently whenever biometric data is recorded and/or stored. Clear disclosure of the practice and obtaining written approval protect both the company and the owner of the biometric data. Companies should also state how the data is used and stored during a disclosure and consent process.

Keeping hackers at bay

Cyber risks are constantly developing in terms of volume and form. The cyber liabilities are being restructured, from ransom attacks to biometric exposures.

Regardless of whether they are ransom threats or risks caused by the use of biometrics, your company should check systems and guidelines to ensure that system availability and compliance with data protection laws are sufficient. You should also know how your company will respond and what responsibility you assume in the event of a violation or a breach of data protection requirements. AXA XL offers the best possible insurance solutions for these risks for medium-sized to large multinational companies worldwide.

Mag. Verena Schmidt
Underwriter Austria & Central Eastern Europe
International Financial Lines
AXA XL, a division of AXA
T +43 1 50 60 2109
verena.schmidt@axaxl.com

Dennis Bertram
Underwriter Cyber and
International Financial Lines
AXA XL, a division of AXA
T +49 221 16 887 122
dennis.bertram@axaxl.com

www.axaxl.com

Related Insights

Stephan Eberlein

Group Practice Leader Financial Lines

T +43 664 962 40 60

Günter Hubmann

Deputy Competence Center
Manager Liability

T +43 5 0404 219