Analysis: GDPR Fines Likely Uninsurable – Cyber Panel

Thursday, July 6, 2017
Posted by: ACEDS Marketing Team

Extract from "Analysis: GDPR Fines Likely Uninsurable – Cyber Panel" posted on Reactions

The EU’s new General Data Protection Regulation (GDPR) is raising questions among cyber underwriters about whether the directive’s harsh penalties are insurable.

“Most law firms, when speaking off the record, will say they think GDPR fines are uninsurable,” said Lyons.

“They’re not willing to put that in writing, of course, but they are waiting for a test case,” he added.

There are still considerable “grey areas” about using insurance for GDPR fines, suggested Mark Camillo, American International Group’s (AIG) head of cyber in Europe and head of its CyberEdge product, but across Europe it looks unlikely that penalties could be insured – particularly if criminal proceedings can be brought against those accused.

From May 2018 regulators in the EU – including the UK, which will adopt equivalent rules – will be able to impose penalties of up to €20m or 4% of a company’s worldwide annual turnover for a data breach which might arise from a cyber-attack.

Lyons suggested that Bermuda was a jurisdiction able to underwrite some cyber risk GDPR coverage, but that the territory’s cyber risk market was simply too small to cope.

“How much cyber capacity is there in Bermuda? If you’re only able to get a $50-100m limit, then that is not even going to touch the sides,” said Lyons.

GDPR is raising new compliance issues for how insurers do business, as well as their clients, noted Matthew Webb, group head of cyber at Hiscox. “GDPR puts new focus on obtaining consent for using client data for the purposes that you’re going to use that data for,” said Webb.
