This document discusses cyber privacy insurance and the General Data Protection Regulation (GDPR). It provides an overview of data breach costs by industry. GDPR fines can be up to 20 million Euros or 4% of annual global turnover for breaches. Under GDPR, breaches must be reported to regulators within 72 hours and affected individuals if there is a high risk. The document also summarizes common cyber insurance coverage types like crisis management, cyber extortion, data asset protection, and business interruption. It analyzes past insurance claims payouts and causes of loss. Websites for cyber insurance quotes and resources are also listed.
2. Contents
• Corporate Assets
• Data Breach Costs
• The Data Protection Landscape - GDPR
• The DPO Academy
• A Simplified Overview of a Data Breach
• Cyber Insurance Covers at a glance
• Cyber Insurance Claims Analysis
• Categories of Information Insurers Need to Underwrite Cyber risk
• Cyber Secure Solution
• www.cyberinsurancequote.gr
• Cyber Risks Advisors LinkedIn Group
• www.privacyrisksadvisors.com
• www.cyberinsurancegreece.com
• Resources
• More Information
6. The Data Protection Landscape - GDPR
General Data Protection Regulation
• Fines - of up to EUR 20m or 4% of annual global turnover for breaches of the rules
• Breach notification:
– Regulator - “without undue delay” and where feasible within 72 hours
– Affected Individuals – only where breaches are likely to pose a high risk
• Data Protection Officers
• Privacy Impact Assessment
• Incident Response Plan
• Controllers & Processors
• Information Security/Privacy Policies and Procedures
11. Insurance Covers at a Glance
First Party Coverage
• Crisis Management & Identity Theft Response: Expenses for communications to notify affected customers, provide credit monitoring services, conduct forensic investigations, and for expenses incurred in retaining a crisis management or public relations firm for the purpose of protecting/restoring the organization’s reputation.
• Cyber Extortion: Expenses to pay ransom or investigate a threat to release, divulge, disseminate, destroy, steal, or use confidential information; introduce malicious code into a computer system; corrupt, damage or destroy a computer system, or restrict or hinder access to a computer system.
• Data Asset Protection: Recovery of your costs and expenses incurred to restore, recreate or regain access to any software or electronic data from back-ups or from originals or to gather, assemble and recreate such software or electronic data from other sources to the level or condition in which it existed immediately prior to its alteration, corruption, destruction, deletion or damage.
• Network Business Interruption: Reimbursement for loss of income and/or extra expense resulting from an interruption or suspension of systems.
Third Party Coverage
• Network Security Liability: Covers claims from third parties arising from a breach in network security or transmission of malware/viruses to third party computers and systems.
• Privacy Liability: Covers claims from third parties as a result of a failure to properly handle, manage, store or otherwise protect personally identifiable information, confidential corporate information, and unintentional violation of privacy regulations.
14. Claims Payouts by Type of Cost
NetDiligence Report 2015 – Cyber Liability and Data Breach Insurance Claims
15. Claims by Cause of Loss
NetDiligence Report 2015 – Cyber Liability and Data Breach Insurance Claims
16. Claims Allocation by Business Sector
NetDiligence Report 2015 – Cyber Liability and Data Breach Insurance Claims
17. Information Insurers Need to Underwrite Cyber
• Industry / turnover
• Data – amount and type
• Dedicated Information Security Resources
• Information Security Policies and Procedures
• Employee Education
• Incident Response Planning
• Vendor Management
• Board Oversight
• Claims experience
• GDPR Compliance
21. Beazley Global Breach Solution
• Beazley is a pioneer in data breach response insurance and the largest insurer of cyber liability risks in the Lloyd’s market.
• An insurance solution with comprehensive mitigation services for privacy and security risks.
• 3.500+ breaches managed
• 80% of claims spend on service and managing breaches.
• Advisen Award 2015: Beazley Breach Response Team