• Mehr als 3 Millionen Wörter Inhalt
  • |
  • info@itmedialaw.com
  • |
  • Tel: 03322 5078053
ITMediaLaw - Rechtsanwalt Marian Härtel
Warenkorb
Plugin Install : Cart Icon need WooCommerce plugin to be installed.
  • en English
  • de Deutsch
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
Kurzberatung
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
ITMediaLaw - Rechtsanwalt Marian Härtel
Home Other

Cyber insurance refuses to pay benefits after hacker attack due to false information

18. June 2024
in Other
Reading Time: 3 mins read
0 0
A A
0
d18d1e1d82c0cecc1bcb94866a5316f4
Key Facts
  • Kiel Regional Court ruled that cyber insurance is exempt from payment due to false information in the application.
  • The timber wholesaler had declared insufficient IT security despite providing false information in the insurance application.
  • Important systems were equipped with outdated operating systems and without virus protection, which led to a hacker attack.
  • The IT manager >must have recognized the security flaws and could have checked them, which was considered malice.
  • The ruling emphasizes the importance of correct answers to risk questions in cyber insurance policies.
  • External security experts can help to objectively assess the IT security situation and mitigate risks.
  • The ruling reminds companies to take their IT security seriously and not just rely on insurance cover.

In a ruling dated 23.05.2024 (Ref. 5 O 128/21), the Regional Court of Kiel ruled that a cyber insurance policy is exempt from payment due to false information in the insurance application. The insurer had contested the contract on the grounds of fraudulent misrepresentation after the insured company, a timber wholesaler, suffered a hacker attack resulting in significant damage.

Content Hide
1. Inadequate IT security despite information to the contrary
2. Fraudulent misrepresentation leads to exemption from benefits
3. Significance for companies and insurance companies

Inadequate IT security despite information to the contrary

In this case, when taking out cyber insurance in 2020, the timber wholesaler had stated, among other things, that all work computers were equipped with up-to-date malware detection and that available security updates were carried out without culpable hesitation. However, there were actually several servers in use with outdated, insecure operating systems for which updates were no longer available. The employee responsible for IT at the timber wholesaler stated during the trial that he had “deliberately overlooked” the systems in question when answering the risk questions. These were not subordinate computers, but servers with central functions for operations. An unprotected server with an outdated Windows system served as a connection between the web store and the company’s merchandise management system. For companies with complex IT systems in particular, it can make sense to commission external security experts to carry out an objective review of the system landscape. An external perspective often makes it easier to identify weaknesses than internal employees, who may be blind to the company’s operations or do not have an overview of all areas due to time constraints. Such a security analysis can also help to correctly present IT security to insurers and avoid unpleasant surprises in the event of a claim.

Fraudulent misrepresentation leads to exemption from benefits

The court considered the false information to be fraudulent misrepresentation on the part of the insurer, as the questions were answered incorrectly “in the blue”. The responsible IT manager could and should have recognized the security deficiencies. Due to the fraudulent misrepresentation, the insurance contract was null and void so that the insurer did not have to pay out. the decisive factor for the court’s assessment was that the inadequately protected systems had central functions in the company. The outdated Windows server was essential as a connection between the web store and merchandise management. The domain controller for managing access rights in the network was also still in an insecure delivery state. In the case of such important systems, the court could not believe that their security deficiencies had remained hidden from the IT manager, who, according to an expert witness, could have quickly checked that the virus protection and security updates were up-to-date by looking at the administration consoles. The fact that he had failed to do so before answering the risk questions was considered by the court to be an indication of fraudulent intent. Especially when taking out cyber insurance, the person responsible must be aware of how important the insurer takes the information on IT security.

Significance for companies and insurance companies

The ruling shows how important it is to answer risk questions correctly for cyber insurance policies. Companies must ensure that their IT security standards correspond to the information in insurance applications in order to be covered in the event of a claim. False statements, even if they are only made negligently, can lead to the insurer being released from its obligation to indemnify, and it can make sense for larger companies with complex IT systems in particular to have the risk questions answered by external security experts. This allows the actual security situation to be assessed objectively and presented correctly. It is also advisable to have penetration tests and vulnerability analyses carried out by specialized service providers at regular intervals in order to improve IT security overall. For insurers, the decision means that they can invoke fraudulent misrepresentation as a “sharp sword” if false statements can be proven. In view of the increasing threat of cybercrime, many insurers are likely to revise and specify their risk questions in order to avoid disputes and limit their exposure. Overall, the judgment of the Regional Court of Kiel is to be welcomed, as it underlines the importance of a truthful risk declaration and enables insurers to keep their liability risk calculable. It reminds companies to take their IT security seriously and not to rely solely on insurance cover. Because even with a cyber policy, prevention is better than cure.

Tags: DomainEmployeesIT SecurityJudgmentServerSicherheit

Weitere spannende Blogposts

BGH on time limits and costs and closing letters for preliminary injunctions.

BGH considers Uber Black to be anti-competitive
26. May 2023

Introduction The landscape of German law is constantly in flux, characterized by ongoing adjustments and clarifications. A central role in...

Read moreDetails

Laser tag endangering young people? Administrative court decides

Laser tag endangering young people? Administrative court decides
21. March 2019

Is Lasertag a sport/recreational event that endangers young people? This is at least as controversial a question as the question...

Read moreDetails

Blockchain and smart contracts

Blockchain and smart contracts
10. October 2024

Blockchain technology and smart contracts have the potential to revolutionize numerous industries and enable new business models. These technologies offer...

Read moreDetails

Liability risks for esports teams when working with pseudo-self-employed players

Liability risks for esports teams when working with pseudo-self-employed players
13. December 2022

Introduction: Why are esports teams vulnerable to liability risks from independent players? Esports teams are at high risk when working...

Read moreDetails

Defense clause on websites: Not a good idea

New info on the status of the State Media Treaty
12. March 2019

Because I just stumbled across an imprint of a page and had to smile again, another post today at a...

Read moreDetails

Tech nerd as lawyer: my path and why my tech expertise is an advantage

Tech nerd as lawyer: my path and why my tech expertise is an advantage
31. March 2023

I have been playing computer games since I was 6 years old and have been in the computer game industry...

Read moreDetails

Smart Contracts: Neither Smart nor Contracts ;-)

Smart Contracts: Neither Smart nor Contracts ;-)
1. November 2023

The quote "Smart contracts are neither smart nor contracts" comes from a legal perspective and is thought-provoking, especially for the...

Read moreDetails

Innovations in data protection law: ECJ ruling lowers hurdles for GDPR fines

Innovations in data protection law: ECJ ruling lowers hurdles for GDPR fines
8. January 2024

The judgment of the European Court of Justice (ECJ) of December 5, 2023 in case C-807/21 concerns the interpretation of...

Read moreDetails

Cybersecurity tightening in 2025

Cybersecurity tightening in 2025
10. October 2024

As an IT lawyer with many years of experience in advising technology start-ups and SaaS companies, I would like to...

Read moreDetails
Default judgment

Default judgment

25. June 2023

A default judgment is a term used in legal terminology that refers to a judgment rendered by a court in...

Read moreDetails
co produktionsvertrag

GbR – civil law partnership

24. June 2023
23600238 fc76 4626 bd40 a2606a0d02d0 202615361

SPAC (Special Purpose Acquisition Company)

29. March 2025
Howey test

Blockchain law

24. June 2023
Corporate Venture Capital (CVC)

Corporate Venture Capital (CVC)

16. October 2024

Podcast Folgen

Rechtliche Grundlagen und Praxis von Open Source in der Softwareentwicklung

Rechtliche Grundlagen und Praxis von Open Source in der Softwareentwicklung

19. April 2025

In dieser Episode werfen Anna und Max einen Blick auf die rechtlichen Grundlagen rund um den Einsatz von Open-Source-Software in...

Legal challenges when implementing confidential computing: data protection and encryption in the cloud

Smart Contracts und Blockchain

22. December 2024

In dieser fesselnden Podcast-Episode tauch ich tief in die Welt der Blockchain-Technologie und Smart Contracts ein. Die 25-minütige Folge beleuchtet,...

Der IT Media Law Podcast. Folge Nr. 1: Worum geht es hier eigentlich?

Der IT Media Law Podcast. Folge Nr. 1: Worum geht es hier eigentlich?

26. August 2024

Yeah, die erste richtige Folge mit mir selbst! In diesem Podcast tauchen wir ein in die spannende Welt des IT-Rechts...

Influencer und Gaming: Rechtliche Herausforderungen in der digitalen Unterhaltungswelt

Influencer und Gaming: Rechtliche Herausforderungen in der digitalen Unterhaltungswelt

25. September 2024

In dieser fesselnden Folge nimmt Rechtsanwalt Marian Härtel die Zuhörer mit auf eine spannende Reise durch die dynamische Welt der...

  • Privacy policy
  • Imprint
  • Contact
  • About lawyer Marian Härtel
Marian Härtel, Rathenaustr. 58a, 14612 Falkensee, info@itmedialaw.com

Marian Härtel - Rechtsanwalt für IT-Recht, Medienrecht und Startups, mit einem Fokus auf innovative Geschäftsmodelle, Games, KI und Finanzierungsberatung.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
  • en English
  • de Deutsch
Kostenlose Kurzberatung