Cyber insurers cash in on GDPR


Carolyn Cohn

Europe’s GDPR, which took effect today, has been billed as the biggest shake-up of data privacy laws since the birth of the web. Stock Image: PA
Europe’s GDPR, which took effect today, has been billed as the biggest shake-up of data privacy laws since the birth of the web. Stock Image: PA

Data privacy rules coming into force this week are giving Europe's fledgling cyber-insurance market a boost as they make companies more aware of the risks caused by customer information breaches.

Europe's General Data Protection Regulation (GDPR), which takes effect on Friday, has been billed as the biggest shake-up of data privacy laws since the birth of the web.

It aims to give EU citizens more rights over their online information and threatens fines of up to 4pc of a company's annual revenue for serious infringements.

This includes failure to notify regulators of breaches within 72 hours.

The law brings Europe more closely into line with the United States, where many states have for several years required firms to notify regulators about data breaches. Insurers say the directive, together with major cyberattacks like last year's WannaCry and NotPetya viruses, is driving demand in Europe for cyber insurance - a sector seen as relatively profitable.

Cyber cover can pay for anything from the repair of IT systems after a data breach, to compensation for lost business, legal costs and even for a public relations firm to patch up damaged reputations.

The number of syndicates offering cyber insurance in the giant Lloyd's of London commercial insurance market jumped by more than 20pc last year to over 70. Lloyd's CEO Inga Beale told Reuters by email that gross written premiums for European cyber insurance could total more than $2bn (€1.7bn) annually by 2020, partly as a result of the new directive. (Reuters)