Since the first insurers started to cover cyber risks in special policies a few years ago, cyber insurance has become one of the most present topics on the global insurance market. More and more German insurers have started to roll out cyber policies as well.

At the same time, potential policyholders often still remain sceptical as to whether or not they should take out a cyber policy. This is also a result of the very different coverage approaches taken by different carriers which makes it difficult for policyholders to compare various offers.

This is one reason for the German Insurance Association (GDV) to develop new model terms and conditions for cyber products. The GDV will publish the model wording within the next two weeks. The GDV has already developed model terms and conditions for many other common insurance products and intends to support the development of the cyber insurance market. The new model wording should also make it easier for insurance brokers to get a better market overview and provide best advice to their clients.

The target groups of the model wording are small and mid-sized companies with revenue of up to EUR 50 m and up to 250 employees. According to the GDV, these companies are especially on the fence about cyber policies since, too often, they still lack awareness of being a target of cyber-crime. By offering cyber related coverage and outlining possible liability risks, insurance companies can therefore be a factor to sensitise mid-sized companies for cyber risks.

The GDV model wording is divided into four parts: Part one includes general information about the scope of coverage. Accordingly, financial loss caused by an information security breach will be covered. An information security breach is defined as an impairment of the availability, integrity and the confidentiality of electronic data or an information processing system. Furthermore, the information security breach has to be a result of specific events, like unauthorised access to electronic data of the policyholder. Such clear definition of the subject-matter and scope of insurance is definitely an improvement since current wordings differ greatly. The model wording could also help to harmonise the definition of the insured event which currently varies from policy to policy. Part one defines the insured event as the damage that is verifiably identified for the first time.

Like the majority of German cyber policies, part two of the standard policy conditions implements certain cyber-related services, such as forensic and call centre services as well as crisis communication.

Parts three and four specify coverage for financial loss. While part three covers financial loss resulting from third party damage claims based on statutory liability provisions, part four deals with certain first party-losses, such as business interruption losses and costs incurred for data recovery.

It will be interesting to see to what extent the new model terms and conditions will lead to a harmonisation of different coverage approaches and an increase of the sales volume of German cyber policies.