German regulator BaFin to permit K+R cover for cyber risks


Blackmail by cyberattack has become more frequent: The offenders demand a ransom payment in exchange for hacked data and information or to release systems and functions that they have locked or disabled. The regulations regarding K+R cover and the payment of ransom in these circumstances vary from country to country.

Thus, although the US and the UK do not officially support payments in case of kidnapping or other ransom demands, the insurance markets in these countries offer private insurance against the financial losses derived from these payments. In Germany, the question of whether ransom money paid in these circumstances is insurable or not, has, until now, been disputed: K+R insurance cover generally has been allowed since 1998, as long as it is not combined with any other coverage.

Now the German Insurance Regulator BaFin has announced that it is about to liberalise the guidelines concerning kidnap and ransom insurance for cyber attacks. In consequence, a broader market penetration will be possible in future and K+R cover can be included in cyber policies in Germany.