Assets are defined through a threat and vulnerability analysis and an inventory is created of if and how these assets are protected.

Development of an emergency plan in the event of a cyber attack.

In order to identify your first vulnerabilities, it is worth using screening tools that point to open vulnerabilities in IT security for just a small investment.

An individual and comprehensive test by a specialized IT security consultant delivers precise results.

Many statistics show how important the factor of employee misconduct is. Around 2/3 of all cyber incidents are due to negligence (e.g. incorrect assessment of the situation), omission or even intent on the part of staff.

Employees can be regularly trained in information security. This can be done efficiently and cheaply, and it is highly effective in significantly reducing the likelihood of a cyber incident.

Assets can be: personal data, processes, process engineering or - obviously - your own IT infrastructure.

First, it's important not to panic and to make thoughtful and prudent decisions. However, time is a crucial factor.

Is there an emergency plan? If not:

• Who takes on what responsibilities?
• Which service providers are consulted? Are there any existing contacts or agreements with service providers?
• Is it the right service provider? Few system houses have sufficient knowledge for responding to such incidents.

At its core, cyber insurance covers many of the risks that threaten information security. This wealth of services is linked to conditions and requirements. These become obvious when you look at the "exclusions and obligations" (instructions on how to behave) of the contracts. This includes the definition of the insured event and the triggers.

For example, some contracts provide for quite complex "state of the art" clauses or require qualified backup, patch or authorization management, which is often difficult to implement operationally and can lead to discussions in the event of damage.

The definition of an insured event sets the course for settlement of the claim. Certain conditions must be met for damage to be regulated.

In the insurance market, however, the cleansing of cyber risks in non-cyber insurance contracts is ongoing. In this way, content from cyber risks is excluded from conventional forms of insurance. This is done to eliminate "unpredictable" risks and to establish the cyber insurance solution as a "stand-alone" solution.

Quite often, despite having cyber insurance, there are needs that are not covered by "standard solutions". Also, some obligations are incompatible with their customers' operational activities. This needs to be checked to find out if your cyber insurance suits your company.

At their core, all products come with assistance, third party and first party coverage. However, the terms and content of the insurance products are very different.

Even well-known comparison portals and rating agencies do not manage to create a deep, uniform and understandable basis for comparison.

Important differences in the content of the general conditions are taken into account less often, but are decisive for a suitable cover protection.

Cyber insurance covers many risks. However, 100% protection can never be guaranteed. Residual risks can be intentional damaging crimes by management or employees, or failures in public infrastructure.

"As much as possible" - That's the answer given by many consultants. However, one shouldn't choose a coverage amount out of the blue in the hopes that this is sufficient. Instead, one should determine the coverage amounts using cyber risk management methods. Therefore, in this case, a business impact analysis (BIA) is recommended to limit and document the sums, as between €1,000,000 and €10,000,0000 of the sum insured is usually several thousand euros in premiums.

Audits by insurers or external specialists are also used from a certain risk level. Factors can be company turnover, high insurance amounts or special risks/industries.

Previous damage is generally not an exclusion criterion. Some insurers are flexible here and are re-evaluating the situation.

Of course, the lessons learned and measures taken from the cyber incident are decisive.

Restrictions in the conditions, reduced sums insured or increased deductibles must be expected.

"Hackers" are often the first thought and in fact this organized crime poses a great danger. According to the FBI, for the first time ever, cybercrime is outperforming the international drug trade.

Errors by employees or third parties (providers), for example, through incorrect data transfer to third parties, incorrect handling of your own IT or even simple system failures, can lead to damage.

Ultimately, every company has assets. At the very least, sensitive employee data is an asset particularly worthy of protection, according to DSGVO/GDPR, because its publication entails high sanctions.

Money is the main motivator.

Other motives are: vandalism, recognition, competition, politics, ethics, information gathering and other personal reasons.

In addition to the presumably already catastrophic shutdown of operations, there are often threats of the final deletion of all data or even the publication of data that is particularly worthy of protection. Here, the attackers' strategy depends on the operating mode.

In a nutshell, don't expect any help from the government — especially operational help to get your business up and running again.

Although the Federal Office for Information Security provides extensive information on all topics in this area, there is no "mobile task force" or other operational support.

Authorities and the police naturally investigate the criminal offences.