Cyber Insurance: EU General Data Protection Regulation (GDPR) – Will Cyber Insurance cover your risks?


Page 1: EU General Data Protection Regulation (GDPR) - will Cyber Insurance cover your risks ?


Page 2

THE GDPR – A NEW CHALLENGE FOR THE IT SECURITY PROFESSION

The EU General Data Protection Regulation (GDPR) is one of the most significant developments in data protection policy and regulation for years. The IT security profession is only slowly starting to recognise its full extent: the processing of personal data must be secured ahead of the GDPR coming into force in 2018.

Symantec and the research firm Coleman Parks conducted a study into how well UK and Ireland organisations are prepared for this wide-ranging legal framework, questioning 260 CISOs from organisations with 1,000+ employees.

Page 3

UKI ORGANISATIONS FACE NON-COMPLIANCE RISKS LIKE NEVER BEFORE

• 37% are fully equipped to detect, report, remedy and recover organisationally from a breach.

• A further 37%, while able to report in the allocated timeframe, do not feel able to recover within 72 hours.

• 20%, whilst able to report a breach, could not do so today within the mandated three days.

• Worst of all, 4% will improvise in a breach situation and 1% are confident they would not suffer a data breach.

Survey responses (chart values, matched to the statements above):

37% – We are fully equipped to detect, report, remedy and recover from data breaches

37% – We should be able to report the breach within the 72 hours’ notification requirement that applies to notifying regulators in the GDPR

20% – We should be able to report the breach, but not within the 72 hours’ notification requirement that applies to notifying regulators in the GDPR

4% – We will improvise as and if the situation presents itself

1% – We don’t expect to suffer a data breach at all

Given the risks involved, one traditional answer is to get insured, notably against the financial damage a data breach would cause.

Page 4

CYBER INSURANCE – THE REALITY

What is your experience of trying or actually insuring against Cyber risks?

No experience, we have never done it

We couldn’t get insured

We are insured but not comprehensively covered

We are fully covered

Although many Cyber Insurance policies are written out of Lloyd’s of London, according to the whitepaper “What Every CISO Needs to Know About Cyber Insurance”, only a third of UK and Ireland organisations are currently fully covered against Cyber risks. Is this because of a lack of awareness of the Cyber Essentials scheme launched in 2014?

Surprisingly, the Hospitality (57%) and Education (50%) sectors are the best covered, while almost a third of Financial Services and Manufacturing organisations couldn’t get insured.

Chart values as extracted (31%, 35%, 15%, 20%); which value belongs to which of the four answers above is not recoverable from the text.

Page 5

CYBER INSURANCE – THE PLANNING

Set to triple in the next five years, from $2.5 billion in 2015 to $7.5 billion by 2020 according to PwC, the Cyber Insurance market is one of the highest-growth areas.

However, the study found that 75% of UK and Ireland organisations are not planning to be insured against the GDPR as soon as it comes into effect.

Is the risk of GDPR something your organisation is planning to insure against ?

Insured on time:

25% – Insured when the GDPR comes into effect

Likely not insured on time:

41% – Insured 2–5 months after the GDPR comes into effect

34% – Insured 6 months to 2 years after the GDPR comes into effect

Page 6

CYBER INSURANCE – WHEN A BREACH OCCURS

Despite only 26% of respondents stating that their Cyber Insurance covers government compliance penalties, 82% would benefit from a pay-out.

For UK and Ireland organisations with between 5,000 and 9,999 employees, 100% would be recompensed, compared to 59% for smaller organisations of 1,000 to 4,999 employees.

How well would a pay-out under Cyber insurance recompense your business in the event of a breach?

Chart values as extracted: 82%, 79%, 76%, 75%, 71%, 70%, 80% (which value belongs to which category is not recoverable from the text).

Categories of loss shown: Government compliance penalties; Reputational loss; Data loss; Blackmail pay-outs; Financial loss to the business; Remediation via third party incident response; Operational downtime.

The respondents did, however, state that they would expect to get back on average 55% of their total loss.

Page 7

CYBER INSURANCE – THE BENEFITS

Cyber attacks can massively impact brand, reputation and business operations. Proactively planned Cyber Insurance can cover goods, intellectual property (IP) and other digital assets moving through the organisation by:

1. Closing the gap between traditional coverage and current needs

2. Helping cope with unexpected costs, notably those from data breaches

3. Providing the necessary resources for data breach responses

Symantec has partnered with key Cyber Insurance thought leaders to shed light on essential Cyber Insurance tenets and to review the questions most frequently asked by organisations globally. The business relevance of Cyber is here to stay. Working with a provider such as Symantec can strengthen Cyber defence and reduce premiums.

Page 8

FIVE STEPS TO GET READY FOR THE GDPR

In addition to getting insured against the GDPR, Symantec recommends following these steps:

1. Treat GDPR compliance as a board-level issue for the organisation. Form a governance group under the direction of the CISO, CIO and Data Protection Officer, and make sure they are involved in Cyber Insurance decisions too.

2. Understand and map the data you collect and process, directly and via third parties. Devise and test the mechanisms to delete data with confidence.

3. Assess your organisation’s current policies, and whether the level of security offered by those policies and procedures provides adequate protection against unauthorised processing and/or data loss. After doing so, re-evaluate whether you are purchasing the right types of Cyber Insurance coverage, not only the right amount.

4. Take a ‘Privacy by Design’ approach to re-engineer the processes and policies which involve the processing of personal data, so that compliance happens by default. New insurance tools and offerings should also be fully considered at this stage.

5. Urgently review your breach notification processes to assess whether your organisation can investigate the extent of any compromise within the 72-hour notification deadline. If not, review your Cyber Insurance coverage once again, or be ready to pay large fines.

For more insights, click here: http://www.symantec.com/en/uk/data-privacy/

Page 9

Copyright © 2016 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

Symantec EMEA Headquarters, 350 Brook Drive, Green Park, Reading RG2 6UH

Tel: +44 (0)870 243 1080