Liability in company management for damages caused by cyber attacks on the company

Cyber-related risks are company risks, too

Cyber attacks can cause significant damage, for example through operational downtime, and they can result in high costs for forensic investigations following an attack.

Every cyber attack can result in a GDPR (DSGVO) violation. Companies are increasingly being fined for GDPR violations.

Digital security is, therefore, management’s responsibility, as Deutscher Anwaltspiegel magazine points out.

Under certain circumstances, company management can be held liable if IT security obligations are not fulfilled.

In some cases, management is even required to set up a special IT risk-management system and to keep it up to date with the latest technology.

In principle, there is therefore a risk that management will be held personally liable in recourse claims.

Irrespective of this, insurance coverage often exists only if it can be proven that precautions have been taken (especially for the prevention of cyber risks) and that things have been kept up to date. Even where it exists, it can be limited.

The decisive factor for the question of due diligence in the area of cybersecurity is always the company's individual needs, which depend on its specific risk profile.

Company managers therefore have a vested personal interest in systematic cybersecurity management that takes the entire company into account, from classic office IT to the security of operational technology (OT and IoT), which, due to ever-increasing networking, is exposed to significantly higher risks.

Are OT and IoT security issues for your company? As an independent entity with a portfolio of proven security providers, CyberCompare can provide you with comparative offers at no charge and with no obligation. Reach out to us or use our diagnostic to learn more about your cyber risk profile.

Please remember: this article is based on our knowledge at the time it was written – but we learn more every day. Do you think important points are missing or do you see the topic from a different perspective? We would be happy to discuss current developments in greater detail with you and your company’s other experts and welcome your feedback and thoughts.

And one more thing: the fact that an article mentions (or does not mention) a provider does not represent a recommendation from CyberCompare. Recommendations always depend on the customer’s individual situation.