Despite GDPR, Looks like There's No Rush to Buy Cyberinsurance
The European Union’s General Data Protection Regulation, which officially went on the books May 25, has had companies around the world worried—and for good reason.
Failure to comply with the data privacy and security regulation, which is applicable to companies that handle and process EU citizens’ data, could lead to fines of up to 4 percent of a company’s global revenue or 20 million euros, whichever is higher.
[...]
Jared Zola, a partner at Blank Rome, said that he too is not surprised that companies are not rushing to get cyberinsurance because, save for the policies from a few insurers, guidelines are generally not yet explicit in saying that the potential fines and penalties will be covered.
Zola said there are “strong arguments” that GDPR is covered by third-party liability sections of cyberinsurance policies. And even for the handful of insurers that do explicitly cover GDPR fines by endorsement, policies are “not written as clearly as they could be,” he noted.
“I think we’re going to see that changing over the next couple of years. Slowly but surely that language will make its way into a policy that the companies are buying off the shelf,” Zola said. “I think what you’re going to see is the evolution of very clear GDPR coverage language being added to these policies.”
To read the full article, please click here.
"Despite GDPR, Looks like There's No Rush to Buy Cyberinsurance," by Dan Clark was published in Corporate Counsel on June 28, 2018.
This article was reprinted in Property Casualty 360 on July 13, 2018.