This document discusses cyber privacy insurance and the General Data Protection Regulation (GDPR). It provides an overview of data breach costs by industry. GDPR fines can be up to 20 million Euros or 4% of annual global turnover for breaches. Under GDPR, breaches must be reported to regulators within 72 hours and affected individuals if there is a high risk. The document also summarizes common cyber insurance coverage types like crisis management, cyber extortion, data asset protection, and business interruption. It analyzes past insurance claims payouts and causes of loss. Websites for cyber insurance quotes and resources are also listed.

1. 1
GDPR & Cyber Privacy Insurance
Nikos Georgopoulos, MBA, cyRM
Cyber Risks Advisor

2. Contents
• Corporate Assets
• Data Breach Costs
• The Data Protection Landscape - GDPR
• The DPO Academy
• A Simplified Overview of a Data Breach
• Cyber Insurance Covers at a glance
• Cyber Insurance Claims Analysis
• Categories of Information Insurers Need to Underwrite Cyber risk
• Cyber Secure Solution
• www.cyberinsurancequote.gr
• Cyber Risks Advisors LinkedIn Group
• www.privacyrisksadvisors.com
• www.cyberinsurancegreece.com
• Resources
• More Information
2

3. Corporate Assets
3

4. The Average per Capita Cost of Data Breach per Industry
4
2014 – Cost of Data Breach Study global – Ponemon Institute Research Report

5. GDPR
5

6. 6
The Data Protection Landscape - GDPR
General Data Protection Regulation
• Fines - of up to EUR 20m or 4% of annual global turnover for breaches
of the rules
• Breach notification:
– Regulator - “without undue delay” and where feasible within 72 hours
– Affected Individuals – only where breaches likely to pose a high risk
• Data Protection Officers
• Privacy Impact Assessment
• Incident Response Plan
• Controllers & Processors
• Information Security/Privacy Policies and Procedures

7. The DPO Academy (www.dpoacademy.com)
7

8. The DPO Academy LinkedIn Group
8

9. 9
A Simplified Overview of a Data Breach

10. Cyber Insurance Covers
10

11. Insurance Covers at a Glance
First Party Coverage
• Crisis Management & Identity Theft Response: Expenses for communications to notify affected
customers, provide credit monitoring services, conduct forensic investigations, and for expenses
incurred in retaining a crisis management or public relations firm for the purpose of protecting/
restoring the organization’s reputation.
• Cyber Extortion: Expenses to pay ransom or investigate a threat to release, divulge, disseminate,
destroy, steal, or use confidential information; introduce malicious code into a computer system;
corrupt, damage or destroy a computer system, or restrict or hinder access to a computer system.
• Data Asset Protection: Recovery of your costs and expenses incurred to restore, recreate or regain
access to any software or electronic data from back-ups or from originals or to gather, assemble
and recreate such software or electronic data from other sources to the level or condition in which
it existed immediately prior to its alteration, corruption, destruction, deletion or damage. Network
• Business Interruption: Reimbursement for loss of income and/or extra expense resulting from an
interruption or suspension of systems.
Third Party Coverage
• Network Security Liability: Covers claims from third parties arising from a breach in network
security or transmission of malware/viruses to third party computers and systems.
• Privacy Liability: Covers claims from third parties as a result of a failure to properly handle,
manage, store or otherwise protect personally identifiable information, confidential corporate
information, and unintentional violation of privacy regulations.
11

12. Cyber Claims Analysis
12

13. Cyber Claims Analysis
13

14. Claims Payouts by Type of Cost
14
NetDiligence Report 2015 – Cyber Liability and Data Breach Insurance Claims

15. Claims by Cause of Loss
15
NetDiligence Report 2015 – Cyber Liability and Data Breach Insurance Claims

16. Claims Allocation by Business Sector
16
NetDiligence Report 2015 – Cyber Liability and Data Breach Insurance Claims

17. Information Insurers Need to Underwrite Cyber
• Industry / turnover
• Data – amount and type
• Dedicated Information Security Resources
• Information Security Policies and Procedures
• Employee Education
• Incident Response Planning
• Vendor Management
• Board Oversight
• Claims experience
• GDPR Compliance
17

18. 18

19. 19

20. www.cyberinsurancequote.gr
20

21. Beazley Global Breach Solution
• Beazley is a pioneer in data breach response insurance and the largest
insurer of cyber liability risks in the Lloyd’s market.
• An insurance solution with comprehensive mitigation services for privacy and
security risks.
• 3.500+ breaches managed
• 80% of claims spend on service and managing breaches.
• Advisen Award 2015: Beazley Breach Response Team
21

22. 22
Cyber Privacy Risks Advisors

23. 23
www.privacyrisksadvisors.com

24. 24
www.cyberinsurancegreece.com

25. Resources
25

26. More Information
26
Nikos Georgopoulos
Cyber Risks Advisor
TEL. 6948 365033
www.cromar.gr
Email: nikos.georgopoulos@cromar.gr