The EU’s new General Data Protection Regulation (GDPR) is raising questions among cyber underwriters about whether the directive’s harsh penalties are insurable.
“Most law firms, when speaking off the record, will say they think GDPR fines are uninsurable,” said Lyons.
“They’re not willing to put that in writing, of course, but they are waiting for a test case,” he added.
There are still considerable “grey areas” about using insurance for GDPR fines, suggested Mark Camillo, American International Group’s (AIG) head of cyber in Europe and head of its CyberEdge product, but across Europe it looks unlikely that penalties could be insured – particularly if criminal proceedings can be brought against those accused.
From May 2018 regulators in the EU – including the UK, which will adopt equivalent rules – will be able to impose penalties of up to €20m or 4% of a company’s worldwide annual turnover for a data breach which might arise from a cyber-attack.
Lyons suggested that Bermuda was a jurisdiction able to underwrite some cyber risk GDPR coverage, but that the territory’s cyber risk market was simply too small to cope.
“How much cyber capacity is there in Bermuda? If you’re only able to get a $50-100m limit, then that is not even going to touch the sides,” said Lyons.
GDPR is raising new compliance issues for how insurers do business, as well as their clients, noted Matthew Webb, group head of cyber at Hiscox. “GDPR puts new focus on obtaining consent for using client data for the purposes that you’re going to use that data for,” said Webb.