First cyber insurance law case in Germany
Source: Middle East Insurance Review | Sep 2023
In a significant legal precedent, a regional court in Germany has delivered the first judicial decision concerning cyber insurance in the country. The ruling rendered by the regional court of Tübingen has initiated extensive discussion within the insurance sector.
According to an insight published online by Clyde & Co about the new ruling addressed prevalent areas of coverage objections in cyber insurance claims, including pre-contractual disclosure duties, risk increase and gross negligence leading to the insured event.
The court ruled in favour of the insured, dismissing the coverage defense presented by the insurer. Specifically, the court rejected the insurer’s argument that the insured caused the loss by failing to implement common IT measures to prevent cyber attacks. The court asserted that the insurer could have examined this specific IT security condition during the pre-contractual risk assessment phase.
The court determined that the insured had successfully demonstrated that any potential breach of the pre-contractual duty of disclosure neither caused the insured event nor affect the determination or scope of coverage.
The court also dismissed the insurer’s objection of an increase in risk, as the contract explicitly stated that the insurer’s obligation to grant coverage would only cease if the increase in risk directly caused the insured event or affected the scope of the benefit obligation. According to the court’s ruling, the condition of gross negligence in causing the insured event, does not apply in this case, and consequently, the claim is not subject to reduction.
Clyde & Co said that although this decision marks a significant milestone in German cyber insurance case law, it is yet to be seen if this ruling will withstand the test of time given the novelty of cyber insurance law. Its future influence hinges on whether other courts, and in particular appeal courts, will validate this line of jurisprudence. M