gdpr cyber insurance 11/1/2017
GDPR & Cyber Privacy Insurance
Nikos Georgopoulos, MBA, cyRM
Cyber Risks Advisor
Contents
• Corporate Assets
• Data Breach Costs
• The Data Protection Landscape - GDPR
• The DPO Academy
• A Simplified Overview of a Data Breach
• Cyber Insurance Covers at a glance
• Cyber Insurance Claims Analysis
• Categories of Information Insurers Need to Underwrite Cyber risk
• Cyber Secure Solution
• www.cyberinsurancequote.gr
• Cyber Risks Advisors LinkedIn Group
• www.privacyrisksadvisors.com
• www.cyberinsurancegreece.com
• Resources
• More Information
Corporate Assets
The Average per Capita Cost of Data Breach per Industry
2014 – Cost of Data Breach Study global – Ponemon Institute Research Report
GDPR
The Data Protection Landscape - GDPR
General Data Protection Regulation
• Fines - of up to EUR 20m or 4% of annual global turnover for breaches of the rules
• Breach notification:
– Regulator - “without undue delay” and where feasible within 72 hours
– Affected Individuals – only where breaches likely to pose a high risk
• Data Protection Officers
• Privacy Impact Assessment
• Incident Response Plan
• Controllers & Processors
• Information Security/Privacy Policies and Procedures
The DPO Academy (www.dpoacademy.com)
The DPO Academy LinkedIn Group
A Simplified Overview of a Data Breach
Cyber Insurance Covers
Insurance Covers at a Glance
First Party Coverage
• Crisis Management & Identity Theft Response: Expenses for communications to notify affected
customers, provide credit monitoring services, conduct forensic investigations, and for expenses
incurred in retaining a crisis management or public relations firm for the purpose of protecting/
restoring the organization’s reputation.
• Cyber Extortion: Expenses to pay ransom or investigate a threat to release, divulge, disseminate,
destroy, steal, or use confidential information; introduce malicious code into a computer system;
corrupt, damage or destroy a computer system, or restrict or hinder access to a computer system.
• Data Asset Protection: Recovery of your costs and expenses incurred to restore, recreate or regain
access to any software or electronic data from back-ups or from originals or to gather, assemble
and recreate such software or electronic data from other sources to the level or condition in which
it existed immediately prior to its alteration, corruption, destruction, deletion or damage.
• Network Business Interruption: Reimbursement for loss of income and/or extra expense resulting from an
interruption or suspension of systems.
Third Party Coverage
• Network Security Liability: Covers claims from third parties arising from a breach in network
security or transmission of malware/viruses to third party computers and systems.
• Privacy Liability: Covers claims from third parties as a result of a failure to properly handle,
manage, store or otherwise protect personally identifiable information, confidential corporate
information, and unintentional violation of privacy regulations.
Cyber Claims Analysis
Claims Payouts by Type of Cost
NetDiligence Report 2015 – Cyber Liability and Data Breach Insurance Claims
Claims by Cause of Loss
NetDiligence Report 2015 – Cyber Liability and Data Breach Insurance Claims
Claims Allocation by Business Sector
NetDiligence Report 2015 – Cyber Liability and Data Breach Insurance Claims
Information Insurers Need to Underwrite Cyber
• Industry / turnover
• Data – amount and type
• Dedicated Information Security Resources
• Information Security Policies and Procedures
• Employee Education
• Incident Response Planning
• Vendor Management
• Board Oversight
• Claims experience
• GDPR Compliance
www.cyberinsurancequote.gr
Beazley Global Breach Solution
• Beazley is a pioneer in data breach response insurance and the largest
insurer of cyber liability risks in the Lloyd’s market.
• An insurance solution with comprehensive mitigation services for privacy and
security risks.
• 3.500+ breaches managed
• 80% of claims spend on service and managing breaches.
• Advisen Award 2015: Beazley Breach Response Team
Cyber Privacy Risks Advisors
www.privacyrisksadvisors.com
www.cyberinsurancegreece.com
Resources
More Information
Nikos Georgopoulos, Cyber Risks Advisor
TEL. 6948 365033
www.cromar.gr
Email: [email protected]