GDPR: Should Your Organisation Purchase Cyber Insurance?

06/08/2017

With data breaches at a record high and the average cost of a cyber-security breach reaching upwards of £1.15m, is it about time your business got insurance?

When a burglar breaks into your home, insurance is there to help you bear the financial burden of your loss. Likewise, when your car gets stolen, insurance helps mitigate the cost to replace it.

But when it comes to your business, are you properly insured?

To this point many businesses have grown accustomed to purchasing insurance policies like the ones mentioned above - policies involving their commercial property, business interruption, or even professional indemnity. While those policies help protect their financial interest in many areas, they do not cover a majority of the disasters that arise in the current digital age, specifically data breaches and non-compliance under the new GDPR.

Data breaches are already reaching all-time highs this year (2,227 publicly disclosed data breaches with more than 6 billion records exposed in 1H 2017) and the UK Government estimates that the average cost of a cyber-security breach is £600k-£1.15m for large businesses and £65k-£115k for SMEs. This is irrespective of the fines and sanctions under the new GDPR, which will surely add to those costs.

With that being said, it will be imperative for any organisation that deals with corporate and customer data to be able to protect itself financially in the event of a breach.

The good news is that cyber insurance firms are offering new policies to help organisations protect themselves from the financial implications of a breach. These new specialised cyber insurance policies can cover the losses relating to damage to, or loss of information from, IT systems and networks.

Ahead of the new GDPR, which is just a little over 9 months away, we've been speaking with some of the leading insurers and brokers currently covering these new cyber insurance policies. Both sides agree that data breaches and non-compliance are very serious concerns, and that with the right policy in place the financial impact can be mitigated so that businesses are not crippled or, worse, forced to close up shop.

Read more: https://www.cbronline.com/news/cybersecurity/business/gdpr-organisation-purchase-cyber-insurance/