GDPR and Cyber insurance
Everybody in the business world is talking about GDPR at the moment. However, we should not overlook the wider business considerations which sit within appropriate data management and the risks and liabilities these present.
GDPR is concerned with the control, regulation and protection of private, personal data. The good practices which businesses introduce as a consequence of GDPR will serve well in managing the similar risks faced in respect of sensitive corporate and commercial data.
However, no matter how good the data management practices and procedures being introduced, for both personal and corporate data, a business will fall victim to a hack or simple human error at some time. It is at this point that you will appreciate the value of an insurer partnership which helps capture and manage the situation on your behalf. Quite simply, in most cases, a company will not know what to do when faced with system degradation or extortion.
Capturing and effectively managing the initial incident will be key to how a business emerges from a data breach. Reputation is key to a company’s success and survival, namely:
- how it manages such a crisis
- how it is perceived post-loss
- how successful it is in retaining clients
The insurance cover provided by a cyber policy is important, of course, but of equal importance is how an insurance company deals with the problem from the moment it first presents itself. Consequently, the choice of insurer and the effectiveness of their ‘First Response’ services is a vital consideration.
Not all insurance companies are the same!
The right ‘First Response’ team will:
- supply appropriate IT, Legal and Forensic support
- manage notification to the ICO
- provide necessary credit/identity monitoring
- provide call centre support
- provide Public Relations management and support
- manage communications with data subjects
- manage extortion/ransom demands
Very often, this initial action will protect the business from income loss or third-party data loss claims, which is why insurers place great value on the early intervention of their ‘First Response’ services and cover these costs in full. But, as part of the much wider cyber debate, one should also give consideration to:
- regulatory requirements to protect personal data
- the business need to protect corporate data
- the effectiveness of an insurer’s ‘First Response’
- loss-mitigation and training services
- the right level of insurance protection when security is breached and encryption occurs
- delivery of effective reputational management
The right insurance policy will cover:
- First Response costs
- Own repair costs
- Your loss of income
- Claims from affected parties for damages and costs (individuals, including employees, and corporates)
- Regulatory costs and fines
Choosing the right insurer, however, is not easy. There are significant differences between them in respect of both cover and restrictions, hence the need to talk to the right insurance advisor who can walk you through the myriad of options. The right insurance advisor is S-Tech Insurance Services. For more information please contact us.