
PROPERTY & CASUALTY NEWSLETTER: August 2018


The General Data Protection Regulation (GDPR) is a European Union (EU) data protection law that applies to all individuals living in the EU and European Economic Area (EEA) but has big implications for U.S. companies doing business around the globe. The law aims to put EU residents in control of their personal data. It regulates how their data is collected, processed, stored, deleted, transferred and used. U.S. companies doing business in the EU and EEA had to comply with the regulation by May of this year or face stiff fines of up to 4 percent of annual global revenue or $20 million, whichever is higher. But many companies are struggling to reach the level of compliance required.

This law has implications for nearly every global industry like healthcare, legal, finance, insurance, and consulting. When it comes to targeting industries, finance has a bullseye on its back. Because of this, financial organizations have processes and technologies in place to detect and respond to any breaches, thanks to industry regulations like FINRA.

GDPR regulations bring a huge shift for US businesses in terms of post-breach notification requirements, potential issues with the insurability of GDPR fines, and the regulation of equal liability on data owners and data processors.

Data breaches and cyber attacks are the new normal, and the risks are becoming more mainstream: massive attacks are reported daily, and the breaches usually include personal data.

The United States doesn’t have a federal law like the GDPR, but some states are putting similar regulations in place. New York’s is called the Department of Financial Services cybersecurity regulation (23 NYCRR part 500) and became law in March 2017. This law protects citizens and consumers by forcing businesses to have secure cyber systems in place to safeguard the confidentiality and availability of identification and financial information. If their system is breached, they need to be able to detect the breach and respond immediately to mitigate it. They also must report the event and begin a cyber audit to identify how the breach occurred.

IT departments around the globe were scurrying to meet the May 2018 GDPR deadline, but many U.S. businesses remain non-compliant and have purchased cyber insurance to rely on in case of a breach. Cyber insurance can help cushion the cost of a breach, including secondary costs like the expense of containing, communicating, investigating and remediating the hack. However, many insurance policies don’t cover fines for non-compliance with the GDPR principles. That is why multiple layers of defense are needed. Such layers could include technical and organizational controls that protect the integrity and confidentiality of EU personal data.

To be compliant, some businesses will:

  • Discover and classify all personal data
  • Create a plan to close all identified protection control gaps
  • Devise and communicate a data privacy policy
  • Encrypt all personal EU data
  • Develop a processing policy
  • Partner with third parties that process personal EU data on its behalf
  • Produce a process to test the effectiveness of data protection controls
  • Enhance security controls: monitor, detect, respond and report all policy violations and external threats.

 

Adhering to a compliance and standards-based framework can help businesses attract and retain more customers. By building trust with consumers, businesses can differentiate and grow in an ever more competitive global market.

If you have questions about this article or cyber insurance, contact a cyber insurance expert at The Plexus Groupe at 847-307-6100.

 

While a stormy 2017 was expensive for insurers, it could have been worse


In our latest look at Property & Casualty news and notes, we dive into the subject of 2018 commercial insurance pricing for insurers after a disaster-laden 2017.

Market watch: Though plenty of roofs caved in last year, the sky isn't falling in 2018

Global weather and storm losses reached $330 billion in 2017, with insured losses at $135 billion, according to reinsurer MunichRe. However, these losses do not necessarily mean that insurance rates will significantly rise, with numerous published reports suggesting that insurers built up excess capacity before a tumultuous 2017 -- and that losses were within acceptable limits. Nevertheless, property, commercial auto, business owners, and general liability rates were up slightly in the fourth quarter of last year, per the IVANS index, which tracks rate renewals from more than 380 insurers.

Report: Securities lawsuit filings jumped 53% in 2017

Directors and officers of publicly traded companies found themselves at the center of more lawsuits than usual in 2017. Per Business Insurance magazine, securities lawsuits increased from 271 in 2016 to 415 in 2017, according to data from Kevin LaCroix, executive vice president at RT ProExec, a division of insurance wholesaler RT Specialty. That's a 53 percent increase over the previous year. Whether your firm is publicly traded or not, having the right directors and officers is key. We can help. For more information, contact Plexus Vice President of Executive Liability Willie Lindsey at wlindsey@plexusgroupe.com or 847-307-6100.

Getting to know Plexus's Cyber Indication Form

Ever thought about getting cyber insurance for your business but didn't know where to start? Check out our quick and easy Cyber Liability Indication Form. Fill it out, and one of our client service team representatives can give you a sense of the coverage you need -- and what it could cost.