Deception when taking out insurance: Kiel judgment shocks tradesmen!

Deception when taking out insurance: Kiel judgment shocks tradesmen!

More and more craft businesses, especially small and medium-sized companies, are becoming the target of cyber crime. The consequences of cyber attacks are often serious and range from operational failures to financial extortion to serious data loss. In this context, cyber insurance is becoming increasingly important as it offers protection against such risks. However, potential policyholders must provide accurate information when purchasing cyber insurance, as incorrect information can cause significant problems. So reported Craft sheet that an insurer can refuse to settle claims if the customer cheats when taking out the contract.

A current case before the Kiel Regional Court illustrates the consequences of false information. When applying for cyber insurance, the customer stated that all work computers were equipped with the latest software and security updates had been carried out. In reality, several computers were out of date and no anti-malware software existed. The Windows 2008 computer used for the web shop was particularly critical because its security updates had already expired. After a cyber attack, operations were temporarily shut down and the insurer refused to pay out, leading to litigation.

Court ruling and consequences

In this case, the Kiel Regional Court decided that the insurance company did not have to pay for the damage due to fraudulent misrepresentation. The crucial information on IT security that was necessary to assess the risk of the insurance contract was provided incorrectly. The responsible employee had answered the questions in the questionnaire without sufficient checking and fraudulently provided the incorrect information. The court found that the employee had not checked the security status of the IT himself and could not remember having ordered such a check. This judgment, which was made on May 23, 2024 (ref. 5 O 128/21), underlines the need for companies to carefully check information on IT security.

As part of the reasons for the judgment, reference was made to Section 123 of the German Civil Code (BGB), which allows a contract to be challenged due to fraudulent misrepresentation. In the event of fraudulent deception, the contract becomes retroactively void, which can have serious financial consequences for the company concerned. In the event of gross negligence, the insurer could also reduce the damage, which can further aggravate the situation for the policyholder. Therefore, when taking out cyber insurance, it is advisable to involve several people in checking the answers in the questionnaire to ensure that all the information is correct.

Potential customers also need to be aware that insurance coverage requirements have increased in recent years. They often have to fill out extensive risk assessment questionnaires, and untrue answers can irreversibly jeopardize settlement in the event of a claim. In-depth knowledge of IT security and its documentation is essential for every craft business in order to be optimally protected in the event of an emergency.