GDPR spurs board interest in cyber risk and transfer

The pending arrival of the European Union’s General Data Protection Regulation (GDPR) in May next year has moved cyber risk to the top of the corporate agenda for organisations that do business in Europe, according to new survey results released by Marsh. However, only 8% of firms say they are fully compliant with the GDPR. Munich Re and Beazley, that work together on cyber insurance through their Vector partnership, also reported this week that they have witnessed a significant shift in demand for cyber insurance from global customers. Risk managers are looking for broader coverage, in particular for business interruption and contingent business interruption, reported the companies. Marsh’s survey was based on feedback from 1,300 senior executives worldwide. It found that some 65% of respondents whose organisations offer products or services in the EU now consider cyber a top risk. In a similar survey Marsh conducted in continental Europe last year, only 32% of respondents rated cyber as a top five risk. “The imminent implementation of the GDPR is spurring firms to take a fresh look at their cyber risk, not just their privacy protocols,” said John Drzik, president of global risk and digital at Marsh. “This survey indicates that the most prepared firms are using GDPR as a catalyst to enhance their cyber risk management, including a more economic evaluation of their risks and an increased focus on building resilience in the face of an inevitable cyber incident,” he added. Marsh found that organisations plan to spend more on cyber risk management. Of those that have plans for GDPR implementation, 78% said they would increase spending on cyber risk over the next 12 months, including cyber insurance. Some 52% of those who currently have no plans for the GDPR, said that their investment in cyber risk management would increase anyway. Rather worryingly, only 8% of respondents at GDPR-affected organisations asserted that their firms were fully compliant, while 57% of respondents indicated their organisations are developing compliance plans. Meanwhile, Beazley and Munich Re, through their Vector partnership that offers global companies up to $100m or €100m of cover for a range of first party and third party cyber exposures, report strong demand to guard against cyberattacks. When Vector was launched most cyber policies only addressed third party liabilities arising from data breaches and were designed mainly for firms that hold large volumes of personally identifiable customer data, such as retailers and financial institutions. Cyberattacks were perceived as less of a threat by many other industries such as large industrial companies and providers of critical infrastructure. “Since we established Vector, we’ve seen a significant shift in the pattern of demand for cyber cover,” said Paul Bantick, technology, media and business services UK focus group leader at Beazley. “Every company insured through Vector has sought considerably broader coverage, in particular for business interruption and contingent business interruption. While these businesses have traditional property and cyber liability policies in place, they have recognised that they do not have complete protection for cyber-related events and this is clearly an issue that boards want addressed,” he added. Beazley and Munich Re pointed out that recent high pro-file cyberattacks, such as WannaCry and NotPetya, have high-lighted the vulnerability of these non-retail organisations. “For manufacturers, the greatest fear is a loss of production capability, whether caused by an attack on the company’s own system or on a critical supplier. The loss of customers’ personal data is still a concern, and that concern is growing with the coming into force of the European Union’s General Data Protection Regulation next year,” they added.

GDPR spurs board interest in cyber risk and transfer

Want to read this article?

Read Next

Positive news for Asian risk managers as softening continues: Aon

Establishing a captive insurer – IPT compliance considerations

Supply chains warned of further disruption and costs as Red Sea risk zone widened

Howden’s data analysis finds insurers should be taking on more cyber risk

Asian investors urge action on nature-related risk

Positive news for Asian risk managers as softening continues: Aon

Establishing a captive insurer – IPT compliance considerations

Supply chains warned of further disruption and costs as Red Sea risk zone widened

Howden’s data analysis finds insurers should be taking on more cyber risk

Asian investors urge action on nature-related risk

Want to read this article?

Read Next

Positive news for Asian risk managers as softening continues: Aon

Establishing a captive insurer – IPT compliance considerations

Supply chains warned of further disruption and costs as Red Sea risk zone widened

Howden’s data analysis finds insurers should be taking on more cyber risk

Asian investors urge action on nature-related risk

Related Articles