Cyber risks - holistic IT security management
In the 2023 management report, the BSI warns that the use of artificial intelligence (AI) harbors risks in addition to its numerous opportunities, for example, using AI tools to automatically find software vulnerabilities and carry out cyber attacks. Increasingly, small and medium-sized companies are also falling victim to so-called ransomware attacks. According to BSI President Claudia Plattner, cybercrime causes a total of around 206 billion euros in damage per year in Germany alone.
Combined expertise for cybersecurity
The current threat situation makes it clear how important prevention is for companies of all types and sizes. For the Ecclesia Group, to which deas belongs, this is reason enough to combine and strengthen expertise in the field of cybersecurity in order to provide our customers with comprehensive support across all industries. At Ecclesia Cyber, deas experts come together with cyber specialists from the entire group. This is how we combine experience and expertise in the highly complex cybersecurity market with industry know-how, while simultaneously increasing our market penetration.
Robert Drexler, head of Ecclesia Cyber, emphasizes: “If we can cover solutions completely, our customers are not dependent on individual insurers or service providers. This enables us to set the framework conditions in their interest, which is clearly also our strategy and objective. Our USP is that we offer numerous insurer-independent solutions such as terms and conditions, risk consulting or 24/7 emergency support, either in-house or through specialized partners.”
Risk dialog: the door opener for risk transfer
As a result of the exponentially increasing demands of risk carriers, not only due to the NIS 2 directive, it is becoming increasingly difficult for many companies to find suitable insurance cover at all. With Ecclesia Cyber's risk dialog, we offer our customers an insurance-independent audit that can potentially open the door to securing cyber risks.
External, ISO-certified lead auditors with extensive practical experience
- assess the current state of cyber security and thus provide a professional evaluation of information security,
- give individual recommendations for action on how to close possible gaps or improve security processes, and
- provide support with the necessary know-how as well as a specialized network geared to cyber security.
The risk dialog was developed on the basis of the requirements of the cyber insurance market. After the audit has been carried out, the companies themselves decide how they want to deal with the results. Ecclesia Cyber provides support here with both an assessment of insurability and the planning of optimization measures. Depending on the company's decision, the detailed audit report can be used as a basis for approaching an insurer directly and placing the necessary and appropriate cover. Alternatively, the companies can initially use the findings – also with the help of Ecclesia Cyber – to increase their security standards, better protect themselves against attacks and increase their chances of risk transfer at good conditions. With our combined clout across a wide range of industries, we ensure that companies' cyber risks remain insurable in the long term by talking to insurers.
Four building blocks for effective risk management
Effective protection, however, involves more than just risk transfer. Rather, holistic risk management consists of four central building blocks that only in combination achieve lasting effectiveness:
- Organizational measures (e.g. review of the information security concept and creation of a contingency plan) ensure that companies remain capable of acting even in an emergency, thus keeping damage as low as possible.
- Personnel measures (e.g. special training for employees) are particularly important because more than two-thirds of cyber losses are caused or at least facilitated by a company's own employees.
- Technical measures (such as monitoring and hardening the network and systems or ensuring resilience through the use of appropriate tools) create hurdles for cybercriminals and enable those affected to take action in an emergency.
- Risk transfer (to a cyber insurance policy) then forms the conclusion, since even if all measures have been successfully implemented, a real and, possibly, considerable (financial) residual risk remains. Damages that arise, for example, from violations of the GDPR, business interruption, system recovery, forensics and, last but not least, loss of reputation, can quickly reach threatening financial heights. It is essential to choose the right insurance solution for your individual needs and with the appropriate scope.
Of course, our experts will support you in taking all necessary measures. This also means that if, despite all preventive measures, an emergency should occur and you need practical support in dealing with the cyber incident in addition to insurance cover.
Comprehensive support in an emergency
As an Ecclesia Cyber customer, you have access to our unique service provider network, which includes a 24/7 emergency hotline. In an emergency, this hotline offers first aid and forwards affected customers to a suitable and appropriately specialized company. This gives companies immediate access to legal support in the IT and data protection sector, crisis management in the event of major damage, and, if necessary, the help of specialized crisis PR agencies or IT forensic experts. Our network does everything to ensure that our customers remain able to act even in an emergency and that any damage is kept to a minimum.
In addition, companies can rely on our expertise and years of experience in the area of claims management. Our experts also become involved in the processing of claims and use their expertise and knowledge of current developments to vehemently advocate for the interests of our customers with the insurer.