Cyber Insurance
EU General Data Protection Regulation (GDPR): Will Cyber Insurance cover your risks?
THE GDPR – A NEW CHALLENGE FOR THE IT SECURITY PROFESSION
The EU General Data Protection Regulation (GDPR) is one of the most significant developments in data protection policy and regulation for years. The IT security profession is slowly starting to recognise its full implications for how personal data is processed and secured ahead of the GDPR coming into force in 2018.
Symantec and research firm Coleman Parks conducted a study into how well UK & Ireland organisations are prepared for this wide-ranging legal framework, questioning 260 CISOs from organisations with 1,000+ employees.
UKI ORGANISATIONS FACE NON-COMPLIANCE RISKS LIKE NEVER BEFORE
• 37% are fully equipped to detect, report, remedy and recover organisationally from a breach.
• A further 37%, while able to report in the allocated timeframe, do not feel able to recover within 72 hours.
• 20%, whilst able to report the breach, could not do so today within the mandated three days.
• Worst, 4% will improvise in a breach situation and 1% are confident they would not suffer a data breach.
Survey responses:
• We are fully equipped to detect, report, remedy and recover from data breaches: 37%
• We should be able to report the breach within the 72 hours’ notification requirement that applies to notifying regulators in the GDPR: 37%
• We should be able to report the breach but not within the 72 hours’ notification requirement that applies to notifying regulators in the GDPR: 20%
• We will improvise as and if the situation presents itself: 4%
• We don’t expect to suffer a data breach at all: 1%
Given the risks involved, one traditional answer is to get insured, notably against the financial damage a data breach would cause.
CYBER INSURANCE – THE REALITY
What is your experience of trying or actually insuring against Cyber risks?
• No experience, we have never done it
• We couldn’t get insured
• We are insured but not comprehensively covered
• We are fully covered
Although many Cyber Insurance policies are written out of Lloyd’s of London, according to the “What Every CISO Needs to Know About Cyber Insurance” whitepaper, only a third of UK and Ireland organisations are currently fully covered against Cyber risks. Is this because of a lack of awareness of the Cyber Essentials scheme launched in 2014?
Surprisingly, the Hospitality (57%) and Education (50%) sectors are the most covered while almost a third of the Financial Services and Manufacturing organisations couldn’t get insured.
Chart values: 31%, 35%, 15%, 20%
CYBER INSURANCE – THE PLANNING
Set to triple in the next five years from $2.5 billion in 2015 to $7.5 billion by 2020 according to PwC, the Cyber Insurance market is one of the highest-growth areas.
However, the study found that 75% of UK and Ireland organisations are not planning to be insured against the GDPR as soon as it comes into effect.
Is the risk of GDPR something your organisation is planning to insure against?
Insured on time:
• 25%: Insured when the GDPR comes into effect
Likely not insured on time:
• 41%: Insured 2-5 months after GDPR comes into effect
• 34%: Insured 6 months to 2 years after GDPR comes into effect
CYBER INSURANCE - WHEN A BREACH OCCURS
Despite only 26% of respondents stating their Cyber Insurance covers government compliance penalties, 82% would benefit from a pay-out.
For UK and Ireland organisations between 5,000 and 9,999 employees, 100% would be recompensed, compared to 59% for smaller organisations of 1,000 to 4,999 employees.
How well would a pay-out under Cyber insurance recompense your business in the event of a breach?
Chart categories: Government compliance penalties; Reputational loss; Data loss; Blackmail pay-outs; Financial loss to the business; Remediation via third party incident response; Operational downtime
Chart values: 82%, 79%, 76%, 75%, 71%, 70%, 80%
The respondents did, however, state that they would expect to get on average 55% of their total loss back.
CYBER INSURANCE – THE BENEFITS
Cyber attacks can massively impact brand, reputation, and business operations. Proactively planned Cyber Insurance can cover goods, intellectual property (IP) and other digital assets moving through the organisation by:
• Closing the gap between traditional coverage and current needs
• Helping cope with unexpected costs, notably those from data breaches
• Providing the necessary resources for Data Breach Responses
Symantec has partnered with key Cyber Insurance thought leaders to shed light on essential Cyber Insurance tenets and to review the questions frequently asked by organisations globally. The business relevance of Cyber is here to stay. Working with a provider such as Symantec can strengthen Cyber defence and reduce premiums.
FIVE STEPS TO GET READY FOR THE GDPR
In addition to getting insured against GDPR, Symantec recommends following these steps:
1. Treat GDPR compliance as a board-level issue for organisations. Form a governance group under the direction of the CISO, CIO and Data Protection Officer and make sure they are involved in Cyber Insurance decisions too.
2. Understand and map the data you collect and process, directly and via third parties. Devise and test the mechanisms to delete data with confidence.
3. Assess your organisation’s current policies and procedures and whether the level of security they offer provides adequate protection against unauthorised processing and/or data loss. After doing so, re-evaluate whether you are purchasing the right types of Cyber Insurance coverage, not only the right amount.
4. Take a ‘Privacy by Design’ approach to re-engineer processes and policies which involve the processing of personal data to ensure compliance happens by default. New insurance tools and offerings should also be fully considered at this stage.
5. Urgently review your breach notification processes to assess whether your organisation can investigate the extent of any compromise within the 72-hour notification deadline. If not, review your Cyber Insurance coverage once again, or be ready to pay large fines.
For more insights, click here: http://www.symantec.com/en/uk/data-privacy/
Copyright © 2016 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are
trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be
trademarks of their respective owners.
Symantec EMEA Headquarters, 350 Brook Drive, Green Park, Reading RG2 6UH
Tel: +44 (0)870 243 1080