Cyber Attack with Widespread Damage
As a company, outsourcing certain tasks to professionals can provide some relief for your employees and even smooth out processes. That’s also what a consulting firm that entrusted a service provider with the supervision of its IT environment thought. But the collaboration unfortunately soon turned into a real nightmare for both sides: Not only the consulting firm was the victim of a cyber attack, everything really went wrong when the systems were subsequently restored.
Cybersecurity Risk for Employees
One of the biggest cyber risks for companies is careless employees, as in this case: The IT systems at the consulting firm were initially infected with a cryptotrojan via the desktop of an intern. A cryptotrojan is malicious software (so-called ransomware) that automatically installs itself in networks and encrypts files there. Criminals usually demand a high ransom for the victim to regain access to their data. In the case of the consulting company, the malware went unnoticed for several weeks and encrypted around 60.000 files during this period – almost 30 percent of all company data.
Cyber Risks – the Human Factor and Outdated Technology
In addition to the careless intern, the completely outdated hardware and software at the company was also largely responsible for the infestation. The Trojan succeeded in overwriting files including backups and all file storage. When the error was noticed, only the databases and mailboxes were still available. But that’s not all: As it turned out, the responsible IT service provider had insufficiently protected the email server and backup server systems.
As a result, many of the lost data and systems could not be recovered. But it was not only the restoration of the systems that turned out to be problematic: When setting up the backend storage – the storage solution for backing up digital data – the IT expert made a configuration error during the connection. This resulted in a performance problem during the recovery. The mishap wasn’t noticed during operation for a long time, but nevertheless caused considerable time delays and further failures including subsequent errors during the recovery. Ultimately, the consulting company had no choice but to recreate the 60.000 overwritten files as the data was essential for the business consultancy.
Claim for Damages in the Six-Digit Range
Things got really expensive for the IT service provider following the debacle: The consulting company demanded more than 900.000 euros in damages for the insufficient protection of the IT systems and the error in the data recovery. In addition to the costs of restoring the data, the company also cited business losses that came about as a result of the business interruption and the missing data.
As part of the Professional Indmenity Insurance for Digital Professions taken out by the service provider, they reported the damage to exali customer service. The case was then immediately forwarded to the insurer’s claims department. In a first step, the insurer checked to see whether the claims were justified. During a detailed personal discussion between the IT service provider, the exali customer service and the insurer’s claims experts, it quickly turned out that there were also indications that the consulting company was partly to blame and, as a result, there were corresponding doubts about the amount of the costs for the restoration of the data and the overtime worked.
It was therefore agreed not to accept the claim in that particular form and to enter into negotiations with the injured party. Since the parties (insurer and injured party) could not agree on an amount for the justified compensation, the issue was ultimately clarified in court: After two and a half years of legal arguments, the parties agreed on a settlement of 175.000 euros. Still in the six figures, but only about 19 percent of the damages that were originally claimed.
The insurer covered the compensation for the financial damage as part of its Financial Loss Insurance, which is included in the basic protection of the Professional Indemnity Insurance. Among other things, it covers financial damage – so-called pure financial damage – that occurs as a result of professional errors and omissions with third parties. In this specific case, the insurer also covered the costs for the lawyers.
Professional Indemnity Insurance – More Than Financial Protection
This case shows once again that the benefits of Professional Indemnity Insurance cover more than the mere settlement of claims for comepnsation. The insurer not only steps into the breach financially, but also checks the accuracy of the claims made against you in advance. If the claims are justified, the insurer covers the costs. If the claims are not justified in terms of their grounds or amount, the insurer will defend against the claim on your behalf and bear any costs incurred for lawyers, experts and court proceedings.
As you can already see: Taking out a Professional Indmenity Insurance is a worthwhile investment in the continued existence of your company, because you are no longer at the mercy of claims for compensation, contractual penalties, fines, etc. alone. If you have any further questions, our customer advisors will be happy to help you from Monday to Friday from 9 a.m. to 6 p.m. Call us on +49 (0) 821 80 99 46-0 or use our contact form.
Calculate your premium now:
<span class='visible--desktop'>First-Party Cyber and Data Risks Insurance (FPC)</span>
<span class='visible--tablet'>First-Party Cyber and Data Risks Insurance (FPC)</span>
<span class='visible--mobile'>FIrst-Party Cyber and Data Risks Insurance (FPC)</span>
<span class='visible--desktop'><p><strong>This add-on protects your business from the risk of hacking, DDoS attacks or other internet crime.</strong></p>
<p>Reimbursed/covered:<strong> </strong>for example costs for the <strong>restoration of your IT systems</strong>, the commissioning of professional <strong>computer forensics analysts</strong> or specialised <strong>lawyers</strong> (including criminal defence) as well as for <strong>crisis management & PR</strong>. Additional costs for the quick elimination or avoidance of an interruption to your business are also insured.</p>
<h5>Further Examples of Damages We Insure</h5>
<ul class="liste">
<li>Damage to your own IT systems (from hacking)</li>
<li>First-party data rights claim (in particular spying on personal data)</li>
<li>Expenses for an (imminent) interruption of business (additional cost coverage)</li>
<li>Breach of trust damage (intentional damage to own IT by employees)</li>
<li>Costs for criminal defence (internet criminal legal protection)</li>
</ul>
<h5>Insurer Services</h5>
<p>The special benefit about this add-on is the assumption of your own <strong>costs</strong>, e.g. for the commissioning of:</p>
<ul class="liste">
<li>Computer forensics specialists</li>
<li>Specialised lawyers</li>
<li>Consultants to provide information to data owners</li>
<li>Professionals for PR & crisis management</li>
<li>Credit protection and monitoring services</li>
</ul>
<p>as well as the assumption of <strong>additional costs, e.g. for the use of third-party IT and computer systems.</strong></p>
</span>
<span class='visible--tablet'><p><strong>This add-on protects your business from the risk of hacking, DDoS attacks or other internet crime.</strong></p>
<p>Reimbursed/covered:<strong> </strong>for example costs for the <strong>restoration of your IT systems</strong>, the commissioning of professional <strong>computer forensics analysts</strong> or specialised <strong>lawyers</strong> (including criminal defence) as well as for <strong>crisis management & PR</strong>. Additional costs for the quick elimination or avoidance of an interruption to your business are also insured.</p>
<h5>Further Examples of Damages We Insure</h5>
<ul class="liste">
<li>Damage to your own IT systems (from hacking)</li>
<li>First-party data rights claim (in particular spying on personal data)</li>
<li>Expenses for an (imminent) interruption of business (additional cost coverage)</li>
<li>Breach of trust damage (intentional damage to own IT by employees)</li>
<li>Costs for criminal defence (internet criminal legal protection)</li>
</ul>
<h5>Insurer Services</h5>
<p>The special benefit about this add-on is the assumption of your own <strong>costs</strong>, e.g. for the commissioning of:</p>
<ul class="liste">
<li>Computer forensics specialists</li>
<li>Specialised lawyers</li>
<li>Consultants to provide information to data owners</li>
<li>Professionals for PR & crisis management</li>
<li>Credit protection and monitoring services</li>
</ul>
<p>as well as the assumption of <strong>additional costs, e.g. for the use of third-party IT and computer systems.</strong></p>
</span>
<span class='visible--mobile'><p>Protection against hacking damage to your own IT systems, DDoS attacks, computer misuse, theft of data carriers and other data rights violations and the majority of the resulting expenses and costs.</p>
</span>
<div class="spaceTop-20">
<div>If you have any further questions, our customer service is happy to help.</div>
<div id="rechnerKontaktForm" class="spaceTop-10">
<div class="col-grid col-grid--flush">
<div class="visible--mobile">
<div id="rkfPhone" class="service-item service-item--phone col col--10 text--center no-margin">
<a href="tel:+498218099460" class="rkfPhone--nr" data-eventpush="eventPush_phone_info">
+49 (0) 821 / 80 99 46 - 0 </a>
</div>
<div class="col col--2 no-margin no-padding position-relative">
<button type="button" class="close modal-info__close" data-dismiss="modal" aria-hidden="true"></button>
</div>
</div>
<div class="hidden--mobile">
<div class="rechnerKontaktForm--no-mobile">
<div id="rkfCallback" class="service-item service-item--callback col col--tablet--4 no-margin">
<span data-eventpush="eventPush_callback_info">
Request call-back </span>
</div>
<div id="rkfMail" class="service-item service-item--mail col col--tablet--4 text--center no-margin">
<span data-eventpush="eventPush_mail_info">
Contact us </span>
</div>
<div id="rkfPhone" class="service-item service-item--phone col col--tablet--4 text--right no-margin">
<a href="tel:+498218099460" data-eventpush="eventPush_phone_info">
+49 (0) 821 / 80 99 46 - 0 </a>
</div>
</div>
</div>
</div>
</div>
<div class="hidden--mobile">
<div class="infoKontaktForm"></div>
<div class="text--right cursor-pointer spaceTop-10">
<a data-dismiss="modal" aria-hidden="true">Close</a>
</div>
</div>
</div>
<span class='visible--desktop'>Engineering Activities (ENG)</span>
<span class='visible--tablet'>Engineering Activities (ENG)</span>
<span class='visible--mobile'>Engineering Activities (ENG)</span>
<span class='visible--desktop'><p><strong>If you provide engineering services exclusively or in addition to IT/telecommunications, you can insure the liability risks with the „Engineering Activities“ endorsement.</strong></p>
<p>The Engineering Activities extension provides <strong>blanket coverage</strong>. This means that all engineering activities are covered without the need for listing each and every activity. Those listed in the engineering endorsement are therefore merely illustrative examples:</p>
<ul class="liste">
<li>Hardware and software development for machinery and plant, embedded software</li>
<li>Machinery and plant testing, commissioning support</li>
<li>Quality management and assurance</li>
<li>Technical drawing, CAD, CAM</li>
<li>Technical management consultancy, in particular purchasing, strategy, process design, activities as expert</li>
</ul>
<h5>Requirements for Engineering Insurance</h5>
<ul class="liste">
<li>You <strong>do not provide engineering services</strong>, plants, machinery or associated parts and/or <strong>planning</strong>.</li>
<li>You provide engineering products <strong>in a supporting and/or advisory capacity</strong> and are not responsible fort he final engineering product.</li>
<li>No machines, systems, engineering products or other parts shall be put into series production directly / <strong>without approval and acceptance</strong> by the principal (keyword: final sign-off).</li>
</ul>
<h5>Deductible</h5>
<p>The deductible for financial loss and property damage is the same as the deductible selected for the financial loss insurance (FLI).</p>
<p>For more information, please refer to <strong>Section A.7 "Engineering Activities (ENG)"</strong> of the Insurance Conditions.</p>
</span>
<span class='visible--tablet'><p><strong>If you provide engineering services exclusively or in addition to IT/telecommunications, you can insure the liability risks with the „Engineering Activities“ endorsement.</strong></p>
<p>The Engineering Activities extension provides <strong>blanket coverage</strong>. This means that all engineering activities are covered without the need for listing each and every activity. Those listed in the engineering endorsement are therefore merely illustrative examples:</p>
<ul class="liste">
<li>Hardware and software development for machinery and plant, embedded software</li>
<li>Machinery and plant testing, commissioning support</li>
<li>Quality management and assurance</li>
<li>Technical drawing, CAD, CAM</li>
<li>Technical management consultancy, in particular purchasing, strategy, process design, activities as expert</li>
</ul>
<h5>Requirements for Engineering Insurance</h5>
<ul class="liste">
<li>You <strong>do not provide engineering services</strong>, plants, machinery or associated parts and/or <strong>planning</strong>.</li>
<li>You provide engineering products <strong>in a supporting and/or advisory capacity</strong> and are not responsible fort he final engineering product.</li>
<li>No machines, systems, engineering products or other parts shall be put into series production directly / <strong>without approval and acceptance</strong> by the principal (keyword: final sign-off).</li>
</ul>
<h5>Deductible</h5>
<p>The deductible for financial loss and property damage is the same as the deductible selected for the financial loss insurance (FLI).</p>
<p>For more information, please refer to <strong>Section A.7 "Engineering Activities (ENG)"</strong> of the Insurance Conditions.</p>
</span>
<span class='visible--mobile'><p>The Engineering Activities extension provides <strong>blanket coverage</strong>.</p>
<h5>Requirements for Engineering Insurance</h5>
<ul class="liste">
<li>You <strong>do not provide engineering services</strong>, plants, machinery or associated parts.</li>
<li>You provide engineering products <strong>in a supporting and/or advisory capacity</strong>.</li>
<li>No machines, systems, engineering products or other parts shall be put into series production directly/<strong>without the client's approval</strong> (final sign-off).</li>
</ul>
<h5>Deductible</h5>
<p>Same as the deductible selected for the financial loss insurance (FLI).</p>
</span>
<div class="spaceTop-20">
<div>If you have any further questions, our customer service is happy to help.</div>
<div id="rechnerKontaktForm" class="spaceTop-10">
<div class="col-grid col-grid--flush">
<div class="visible--mobile">
<div id="rkfPhone" class="service-item service-item--phone col col--10 text--center no-margin">
<a href="tel:+498218099460" class="rkfPhone--nr" data-eventpush="eventPush_phone_info">
+49 (0) 821 / 80 99 46 - 0 </a>
</div>
<div class="col col--2 no-margin no-padding position-relative">
<button type="button" class="close modal-info__close" data-dismiss="modal" aria-hidden="true"></button>
</div>
</div>
<div class="hidden--mobile">
<div class="rechnerKontaktForm--no-mobile">
<div id="rkfCallback" class="service-item service-item--callback col col--tablet--4 no-margin">
<span data-eventpush="eventPush_callback_info">
Request call-back </span>
</div>
<div id="rkfMail" class="service-item service-item--mail col col--tablet--4 text--center no-margin">
<span data-eventpush="eventPush_mail_info">
Contact us </span>
</div>
<div id="rkfPhone" class="service-item service-item--phone col col--tablet--4 text--right no-margin">
<a href="tel:+498218099460" data-eventpush="eventPush_phone_info">
+49 (0) 821 / 80 99 46 - 0 </a>
</div>
</div>
</div>
</div>
</div>
<div class="hidden--mobile">
<div class="infoKontaktForm"></div>
<div class="text--right cursor-pointer spaceTop-10">
<a data-dismiss="modal" aria-hidden="true">Close</a>
</div>
</div>
</div>
Yes, switch to {{targetDomain}}
You indicated that your headquarter is in {{targetCountry}}. So we will redirect you to the corresponding version of exali, {{targetDomain}}. Settings that have been made may not be transferred. The premium and scope of the insurance policies offered may vary slightly depending on the country.
Would you like to switch to {{targetDomain}}?
No, stay on {{currentDomain}}
You indicated that your headquarter is in {{targetCountry}}. So we will redirect you to the corresponding version of exali, {{targetDomain}}. Settings that have been made may not be transferred. The premium and scope of the insurance policies offered may vary slightly depending on the country.
Would you like to switch to {{targetDomain}}?
Yes, switch to {{targetDomain}}
No, stay on {{currentDomain}}
