The GDPR and CYBER policies
My company is not interesting for hackers… my employees are not the source of IT incidents… we have little personal data, so why do we need the GDPR…
Until recently, the above statement illustrated the typical approach of businesses to cyber risk, including data protection issues. Today, “thanks” to hackers, legislators, and numerous training courses, “the virtual becomes real”, and market research indicates that cyber risk is an increasingly important threat to entrepreneurs year after year.
Thus, entrepreneurs are also asking about cyber insurance more and more often. The main trigger here is the GDPR and the prospect of administrative fines. However, it should be remembered that a cyber policy is not only a way to have administrative penalties for a breach of data protection regulations reimbursed. It also provides, among other things, coverage for lost profits due to a hacking attack, reimbursement of ransoms paid as a result of cyber extortion, and compensation in the event of a privacy breach.
An extremely important benefit of a cyber policy is that it also covers a wide catalog of costs associated with managing a cyber incident. It covers, for example, the costs of notifying the authority and the people whose data has been leaked; the costs of computer forensics investigators; and finally, the repair of the insured person’s image. These costs matter because managing a cyber incident properly from the moment it is identified can realistically reduce the risk that victims file a claim, or the amount of that claim. It is worth mentioning that there are cyber risk insurers on the market that cooperate with entities specializing in this field.
However, let us emphasize that the policy is the last element of conscious cyber risk management in an organization. Insurance will not replace the implementation of the GDPR, will not protect against a hacking attack, and will not be a substitute for a business continuity plan. The better an entrepreneur takes care of the security of processed personal data, business information or IT systems, the better the chances of obtaining a satisfactory scope of protection, covering financial losses and claims that would be difficult to avoid despite having the best security measures in place.