Cyber insurance company Coalition has added coverage to protect small and medium-sized businesses (SMBs) against European Union (EU) General Data Protection Regulation (GDPR) compliance violations.
Coalition's GDPR coverage safeguards SMBs against the costs and liabilities associated with GDPR violations. It also protects SMBs if they fail to comply with GDPR enforcement actions.
How Has GDPR Affected Cyber Insurers Thus Far?
GDPR is driving cyber insurance sales, but its overall impact on cyber insurers thus far remains unclear, the "2018 Survey of Cyber Insurance Market Trends" from PartnerRe indicated.
Key findings from the PartnerRe survey included:
- 71 percent of cyber insurance professionals said GDPR won't have much of an impact on buyers until there are "headline" losses.
- 66 percent felt GDPR will have an impact on cyber insurance policy wordings.
- 43 percent said GDPR will affect cyber insurance pricing.
In addition to Coalition, other cyber insurers have introduced GDPR offerings.
For example, AXA XL, a subsidiary of global insurance and reinsurance company AXA, in December added GDPR readiness assessments to its portfolio. These assessments are designed to help organizations identify and address GDPR compliance gaps.
Are Businesses Ready for GDPR?
Businesses that comply with GDPR's data security requirements often experience shorter delays in their sales cycles and less destructive data attacks, according to the "2019 Data Privacy Benchmark Study" conducted by Cisco. Other notable findings from the Cisco study included:
- 59 percent of companies meet all or most GDPR requirements, and 29 percent expect to meet these requirements within one year.
- GDPR-ready organizations experienced average sales cycle delays due to privacy concerns of 3.4 weeks, compared to 5.4 weeks for organizations that were not GDPR-ready.
- 37 percent of GDPR-ready companies experienced a data breach costing more than $500,000; conversely, 64 percent of the least GDPR-ready companies suffered a data breach of $500,000 or more.
GDPR took effect May 25, 2018 and affects businesses that offer goods and services in Europe or collect data from European citizens. Failure to comply with the regulation's data security mandates may result in penalties assessed at 4 percent of an organization's annual global revenue or 20 million euros (approximately $22.7 million), whichever amount is higher.