GDPR Cyber Insurance 11/1/2017

GDPR & Cyber Privacy Insurance Nikos Georgopoulos, MBA, cyRM Cyber Risks Advisor

Upload: isc2-hellenic

Post on 09-Feb-2017


Page 2: GDPR Cyber Insurance 11/1/2017

Contents

• Corporate Assets

• Data Breach Costs

• The Data Protection Landscape - GDPR

• The DPO Academy

• A Simplified Overview of a Data Breach

• Cyber Insurance Covers at a glance

• Cyber Insurance Claims Analysis

• Categories of Information Insurers Need to Underwrite Cyber risk

• Cyber Secure Solution

• www.cyberinsurancequote.gr

• Cyber Risks Advisors LinkedIn Group

• www.privacyrisksadvisors.com

• www.cyberinsurancegreece.com

• Resources

• More Information


Page 3: GDPR Cyber Insurance 11/1/2017

Corporate Assets


Page 4: GDPR Cyber Insurance 11/1/2017

The Average per Capita Cost of Data Breach per Industry


2014 – Cost of Data Breach Study global – Ponemon Institute Research Report

Page 5: GDPR Cyber Insurance 11/1/2017

GDPR


Page 6: GDPR Cyber Insurance 11/1/2017


The Data Protection Landscape - GDPR

General Data Protection Regulation

• Fines - of up to EUR 20m or 4% of annual global turnover for breaches of the rules

• Breach notification:

– Regulator - “without undue delay” and where feasible within 72 hours

– Affected Individuals – only where breaches likely to pose a high risk

• Data Protection Officers

• Privacy Impact Assessment

• Incident Response Plan

• Controllers & Processors

• Information Security/Privacy Policies and Procedures

Page 9: GDPR Cyber Insurance 11/1/2017


A Simplified Overview of a Data Breach

Page 10: GDPR Cyber Insurance 11/1/2017

Cyber Insurance Covers


Page 11: GDPR Cyber Insurance 11/1/2017

Insurance Covers at a Glance

First Party Coverage

• Crisis Management & Identity Theft Response: Expenses for communications to notify affected customers, provide credit monitoring services, conduct forensic investigations, and for expenses incurred in retaining a crisis management or public relations firm for the purpose of protecting/restoring the organization’s reputation.

• Cyber Extortion: Expenses to pay ransom or investigate a threat to release, divulge, disseminate, destroy, steal, or use confidential information; introduce malicious code into a computer system; corrupt, damage or destroy a computer system, or restrict or hinder access to a computer system.

• Data Asset Protection: Recovery of your costs and expenses incurred to restore, recreate or regain access to any software or electronic data from back-ups or from originals or to gather, assemble and recreate such software or electronic data from other sources to the level or condition in which it existed immediately prior to its alteration, corruption, destruction, deletion or damage.

• Network Business Interruption: Reimbursement for loss of income and/or extra expense resulting from an interruption or suspension of systems.

Third Party Coverage

• Network Security Liability: Covers claims from third parties arising from a breach in network security or transmission of malware/viruses to third party computers and systems.

• Privacy Liability: Covers claims from third parties as a result of a failure to properly handle, manage, store or otherwise protect personally identifiable information, confidential corporate information, and unintentional violation of privacy regulations.


Page 12: GDPR Cyber Insurance 11/1/2017

Cyber Claims Analysis


Page 13: GDPR Cyber Insurance 11/1/2017

Cyber Claims Analysis


Page 14: GDPR Cyber Insurance 11/1/2017

Claims Payouts by Type of Cost


NetDiligence Report 2015 – Cyber Liability and Data Breach Insurance Claims

Page 15: GDPR Cyber Insurance 11/1/2017

Claims by Cause of Loss


NetDiligence Report 2015 – Cyber Liability and Data Breach Insurance Claims

Page 16: GDPR Cyber Insurance 11/1/2017

Claims Allocation by Business Sector


NetDiligence Report 2015 – Cyber Liability and Data Breach Insurance Claims

Page 17: GDPR Cyber Insurance 11/1/2017

Information Insurers Need to Underwrite Cyber

• Industry / turnover

• Data – amount and type

• Dedicated Information Security Resources

• Information Security Policies and Procedures

• Employee Education

• Incident Response Planning

• Vendor Management

• Board Oversight

• Claims experience

• GDPR Compliance


Page 21: GDPR Cyber Insurance 11/1/2017

Beazley Global Breach Solution

• Beazley is a pioneer in data breach response insurance and the largest insurer of cyber liability risks in the Lloyd’s market.

• An insurance solution with comprehensive mitigation services for privacy and security risks.

• 3.500+ breaches managed

• 80% of claims spend on service and managing breaches.

• Advisen Award 2015: Beazley Breach Response Team


Page 22: GDPR Cyber Insurance 11/1/2017


Cyber Privacy Risks Advisors

Page 26: GDPR Cyber Insurance 11/1/2017

More Information


Nikos Georgopoulos, Cyber Risks Advisor

TEL. 6948 365033

www.cromar.gr

Email: [email protected]