The number of ransomware attacks and spear phishing attacks in Europe continues to rise rapidly - cyber insurance is therefore becoming a necessity for companies
In 2023, 83% of cybercrime attacks were caused by external attackers. The attacks were almost exclusively financially motivated.
Spear phishing attacks have tripled since 2019. Due to their profitability, they account for the majority of attacks.
In 2023, around 21,000 infected systems were detected daily and reported to German system providers as cyber crime.
With ongoing cyber protection, companies are strengthened against cyber crime both internally and externally, even after insurance has been taken out
As a digital cyber insurance agent, we offer comprehensive cyber protection that makes it easy for both insurance brokers and companies to insure themselves against growing cyber risks
High closing rate for insurance brokers
Thanks to a clear and highly automated process, combined with an intuitive brokerage portal, more deals can be completed in less time
Leading insurance offering
Through our market-leading “Cyber Safe” terms and conditions, we offer insurance coverage for companies with up to
200 million € turnover
Continuous risk monitoring
By scanning our policyholders' IT infrastructure on a weekly basis, cyber risks are identified at an early stage and cyber attacks are prevented
Companies are protected against financial damage and are continuously made aware of cyber attacks through loss prevention measures
prevention measures
Spear phishing training
Password creation template
Confidentiality Policy
Assistance services
Risk scan of the IT security situation
24/7 German crisis management
IT emergency plan template
IT security recommendations
Continuous service for the best possible cyber security
Access to cyber security partner network for companies
In the event of a claim, the scope of coverage of personal and third-party damage through cyber insurance is essential - Baobab cyber insurance includes the following:
24/7 emergency hotline
Revenue losses including cloud failure
Loss of revenue due to technical problems, including with the cloud provider
Data and system recovery
Property damage to IT hardware due to a cyber attack
Notifying affected data owners
Forensic investigation
“Bring Your Own Device” cover
Measures for security improvements following an attack
Cyber fraud coverage (e.g. fake president)
Advice on legal data protection obligations
Crisis/PR advice
Claims based on breaches of personal rights
Defence against unjustified claims for damages
Exemption from justified third-party claims
Claims for damages due to transmission of a virus
Claims based on name, copyright & trademark rights
media liability
Contractual penalties from the credit card industry (e-payment)
Contractual penalties for unlawful disclosure of confidential data
Contractual penalties due to delayed services
Violation of notification obligation
Weekly, free attack surface scan
Individual phishing simulation with subsequent training
Microsoft Active Directory IT Group Policy
Password creation template
Cyber IT crisis plan template
The same password for multiple accounts can already result in cyber hackers gaining access to your system and carrying out a ransomware attack - What a cyber attack looks like and what form of attack is behind it:
What is spear phishing? A definition:
Hackers create fake messages or websites to obtain confidential employee or company data.
Spear phishing case study:
In a spear phishing attack, sensitive data (account access credentials) from a variety of teacher and student accounts was stolen from several schools. These were then offered for sale on the Darknet. The cyber attack was detected through a routine examination of the school IT.
As a result, around 1,000 accounts were blocked. The first unsuspicious accounts could only be activated after just under a week. Normal operation was not possible for several weeks.
66% All Spear phishing emails were sent by BSI identified as a cyber attack
Definition:
Through vulnerabilities or misconfigurations in software systems, hackers can gain access to sensitive data, such as access rights, and steal it.
Case study:
A biotechnology company noticed unusual activity in its IT system and shut down all systems as a precaution. The hackers had actually penetrated the company's IT through a security vulnerability in the software system, as the company ignored software updates for a long time.
To prevent data breaches and damage, such as the theft of sensitive personal data, the software systems remained offline until the forensic investigation could be completed.
In German companies, a lack of employee capacity and failure to comply with updates often lead to monthly or years of undetected system vulnerabilities.
Definition:
Hackers aim to overburden a company's IT systems and can therefore cause operational disruptions or even a business interruption.
Case study:
An energy supplier was the victim of a DDoS attack. Since the attacks came from unknown bot networks across the world, it was particularly difficult to identify the hackers.
The energy supplier had to deal with restrictions and outages of its services, call in the State Criminal Police Office and set up a crisis team. The loss of revenue caused by the interruption of operations was one of the most financially significant effects.
germany is one of the countries most frequently affected by DDoS attacks in Europe.
Definition:
After hackers gain access to an internal system (e.g. email), they pretend to be a trustworthy source to entice ignorant employees to share sensitive (personal) data or transfer money.
Case study:
After hackers gained access to a company's email program, they posed as suppliers. They convinced one of the employees to transfer just under 290,000€ to a foreign account.
After the company identified the fraud and had to report the damage, the police, among others, were involved.
The biggest risk is often not due to a lack of IT security measures, but due to a lack of Information for employees.
Definition:
A cyber attack on a third-party provider from whom a company is purchasing services could result in an operational failure or a data breach at the company.
Case study:
After the IT service provider of a press agency was the victim of a cyber attack, the responsible hacker was able to gain access to sensitive data from around 1,500 employees of the press agency. The data included both payslips and sensitive personal data in the form of confidential account information.
This was a particularly critical cyber attack, as the service provider was responsible for printing and sending the press agency's payslips.
As a result, the hacker was able to access other sensitive personal data such as tax numbers, health and social security numbers, which resulted in compensation claims against the company.
Insurance coverage does not stop with cyber insurance for companies, but requires one full coverage.
Definition:
A method in which a hacker automatically tries out various password or key combinations to gain unauthorized access to an account or system.
Case study:
The online shop of a leading bookseller was the victim of a targeted brute force attack. The aim of the cyber attack: gain access to sensitive personal data (customer accounts).
An attacker spent hours testing countless password combinations, which made him successful with some customer accounts.
The company was forced to reset all passwords to avoid major damage from the cyber attack.
“Password” remains the most popular password internationally. This makes it much easier for hackers to access accounts with sensitive data.
Definition:
A ransomware attack uses malicious software to encrypt a company's critical files and systems.
Case study:
A medical device manufacturer was forced to shut down the entire IT system after falling victim to a ransomware attack. The areas of production, logistics, shipping and administration were severely restricted, so that the company was unable to deliver or ship.
Since the company was available again for online orders for the first time two weeks after the cyber attack, this led to severe loss of revenue.
A ransomware attack is currently one of biggest cyber risks for the German economy.
“A company's cyber security is not just an IT matter, but a cornerstone of the risk management of modern companies. Good cyber insurance is an integral and indispensable part of any solid risk management strategy.”
- Anton Foth, co-founder and CTO
Your personal customer portal is available to provide you with a holistic overview of your company's current security situation
Based on Baobab's attack surface scan, gain insight into your current Security situation
Recognize in no time Which divisions of the company You are most at risk
Put concrete action measures from your personal cyber security plan to
See the latest Security status of all providerswith which you share sensitive company data
Internationally are investments from companies to better cyber security since 2019 circa 250% increased - by 60% in 2023 alone.
2023 amounted to Total damage through cyber crime in Germany on 203 billion €. That is 5% of total German GDP.
The rising figures show that companies are at risk of cyber attacks recognize And yourself actively defend. Get started today with Baobab cyber insurance:
