Cyber insurance services

Preventive measures, Emergency management, Claims settlement

Once they are in the system, it can get very expensive very quickly: Hackers wreak havoc on companies with cyber attacks, often costing millions. Industrial espionage, blackmail, sabotage, data theft: To protect themselves financially against the consequences of computer crime, more and more companies are opting for cyber insurance. Insurers rely on experienced partners to meet the complex requirements for good all-round protection.

The danger is omnipresent

Not a day goes by without new headlines about data leaks and hacker attacks. And it's not just large corporations that fall victim to hacker attacks. Medium-sized companies are exposed to just as great a risk as small craft businesses and freelancers - and need protection accordingly. Should a cyber attack still succeed despite well-maintained IT systems, cyber insurance protects against the considerable financial damage.


Cyber Risk: How hackers use unwary employees as targets of attack

One important tool is regular training and education of employees. An experiment conducted by the cybersecurity company Trustwave has shown how easily attackers can reach their target through the carelessness of company employees. Trustwave employees equipped five USB sticks with special malware, stuck logos of the target company on them and then laid the USB sticks out in the cafeteria. The result: all USB sticks were taken by employees, two were used in computers within the company, and one was successful from the attackers' point of view: the installed malware automatically installed itself in the background and gained access to the control of the company's security and locking system. There are many prominent examples of such USB attacks, most notably the Stuxnet worm, which specifically targeted industrial equipment of a market-leading manufacturer and was distributed in a similar manner.

Another experiment by IT security experts has tested the security of a company's wireless network. The team commissioned by the company's management to conduct the test had reprogrammed a battery-powered router to check Wi-Fi connections in its vicinity for vulnerabilities and log into unencrypted networks to read data traffic.

The testers put this router in a shipping box and addressed it to an employee who did not even exist in the company. The package was passed through several departments of the company in search of the correct recipient until it was finally returned to the sender. In the meantime, the router had made numerous network connections and read out sensitive customer data due to inadequate IT security. The examples show: With better information for employees, companies can protect themselves to a certain degree.

The financial consequences for German companies are severe: Overall, cybercrime caused 43.5 billion euros in damage to the German economy between 2016 and 2018, reports the online portal According to the report, German companies had to spend 8.8 billion euros to repair the damage to their image among customers and suppliers. 6.7 billion euros were spent on outages and thefts, and 5.7 billion euros on investigations and replacement measures. For small and medium-sized businesses, the costs caused by cybercrime often threaten their very existence, while IT systems or IT security architecture do not offer comprehensive protection against increasingly complex cyberattacks, especially in smaller companies.

Cyber insurance limits the financial damage

This is where cyber insurance comes into play, which can and must be just as complex and sophisticated as the hackers' attack strategies. These policies are usually a combination of liability insurance, business interruption insurance and data insurance for third-party and self-damage in the form of financial loss. This covers not only the loss of funds, possible business interruption and any ransom payments, but also third-party damage.

If a cyber attack occurs, first aid and damage minimization are particularly important. Providers of cyber insurance therefore work with service providers who help affected companies in an emergency. They play a key role in returning company processes to their normal state in a controlled manner so that business operations can be resumed. Cyber insurance therefore not only mitigates the financial damage, but also supports the affected companies in minimizing the operational consequences of an attack.

Cyber-Insurance: How EXCON supports the insurance industry

EXCON supports insurers here as a partner with various services. We support the industry in three central phases in dealing with damage caused by computer crime: in prevention work to minimize risk, as a first responder in the event of damage, and in the final settlement of the claim.


EXCON trains employees of the insured company on site or on a virtual platform and provides educational work regarding current threat scenarios. In addition to an initial introduction to the topic, regular follow-up trainings are important in order to keep pace with the permanent change in the given threat situation.Additionally, EXCON provides the option to conduct unannounced and random testing to verify and maintain employee risk awareness.

Emergency management

As part of the EXCON partner network, policyholders have access to a continuously staffed emergency center that can respond at any time in the event of damage and coordinate the necessary countermeasures. EXCON works with experts in the fields of IT security and IT forensics to analyze the damage, close the security gap and secure data.In addition to technical support in dealing with the consequences of a hacker attack, EXCON also advises policyholders on informing customers, suppliers and partners and supports them in crisis communication and corresponding PR measures.

Claims settlement

EXCON is available to policyholders as a contact partner in all phases on behalf of the insurance company and processes insurance claims from the notification of the claim to the possible payment. In the process, EXCON develops individual, automatable processes for computer-assisted document verification and, together with the insurance company, creates a catalog of criteria for assessing whether a claim is covered by the policy and the amount to be paid out.