The global and independent platform for the SAP community.

Cyber insurance is the IT standard

The first cyber insurance policies for companies were offered in the DACH region a good ten years ago. Since then, the market has grown and the insurance offerings have matured considerably.
E3 Magazine
August 14, 2024
avatar
This text has been automatically translated from German to English.

Insurers have understood the potential IT security risk and have aligned and diversified their insurance policies accordingly. Although it is a growth market, it is becoming increasingly difficult for policyholders to take out insurance at attractive conditions if adequate security precautions are lacking or cannot be proven.

Arctic Wolf, a provider of security operations, has published the results of its annual State of Cybersecurity 2024 Trends Report. The report is based on a global survey of more than 1,000 senior IT and cybersecurity decision-makers.

The latest study by Arctic Wolf shows that more than half of companies in Germany, Austria and Switzerland now have an active cyber insurance policy. A further 39 percent stated that they are either currently taking out a policy or will be looking to do so within the next twelve months. Only five percent are hesitant or are in a situation where they do not qualify for insurance cover. Nevertheless, the DACH region is currently still a growth market.

"100% cyber protection is not realistically possible at a time when attackers are working with the help of AI and a high degree of professionalization and are targeting ever larger attack surfaces," explains Sebastian Schmerl, Regional Vice President Security Services EMEA at Arctic Wolf. "That's why cyber insurance is an important tool for covering the 'last mile' of cyber protection, i.e. minimizing potential financial losses. But of course, insurance is no substitute for comprehensive security measures, it is the last resort."

Due to the tense threat situation and growing losses, insurance companies are now carrying out a detailed risk assessment and reviewing the protective measures used before granting insurance and setting the premium amount.

Added security value: In the current Arctic Wolf study, the use and value of
Security measures in demand. Firewalls are the top priority for companies.

"Providing evidence of security measures can be a challenge if there is no overview of the measures in place or specific emergency plans," says Sebastian Schmerl. "All security-relevant data comes together in Security Operations Centers - SOCs - which facilitates the exchange of information with insurance companies. As medium-sized companies in particular do not usually have their own SOC, companies and insurance companies can work together with security partners that offer security operations as a service.

These not only monitor the attack surface and improve the security situation, but also provide all the information required for risk assessment and thus the basis for setting the insurance premium."

Ransom is often paid

Cyber criminals are putting their victims under a lot of pressure and demanding ever higher ransoms. An analysis by Arctic Wolf revealed that initial ransom demands rose by 20 percent last year to an average of 600,000 US dollars. Contrary to the recommendation of law enforcement authorities, a ransom was paid in 82% of cases worldwide last year (77% in DACH), and in 30% of cases the cyber insurance covered at least part of it. In nine out of ten cases in the DACH region, a ransomware negotiator was also called in, who was able to successfully reduce the amount in around 60% of cases.

There is a huge time lag in dealing with security incidents, which varies greatly from attack to attack. Ransomware cases, for example, take significantly longer than business email compromise cases. According to Arctic Wolf, it takes on average around
70 days until the incident response activities for a ransomware incident are completed and full business continuity is restored.

If an attack has been detected, companies can approach incident response providers themselves. The German Federal Office for Information Security (BSI), for example, provides a list of qualified APT response service providers on its website who can help defend against ongoing or past attacks. Alternatively, cyber insurance providers can also work with security providers such as Arctic Wolf.

arcticwolf.com

Write a comment

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork.

Venue

More information will follow shortly.

Event date

Wednesday, May 21, and
Thursday, May 22, 2025

Early Bird Ticket

Available until Friday, January 24, 2025
EUR 390 excl. VAT

Regular ticket

EUR 590 excl. VAT

Venue

Hotel Hilton Heidelberg
Kurfürstenanlage 1
D-69115 Heidelberg

Event date

Wednesday, March 5, and
Thursday, March 6, 2025

Tickets

Regular ticket
EUR 590 excl. VAT
Early Bird Ticket

Available until December 20, 2024

EUR 390 excl. VAT
The event is organized by the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes attendance at all presentations of the Steampunk and BTP Summit 2025, a visit to the exhibition area, participation in the evening event and catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due course.