Re/insurers are taking steps to shore up their data usage as new data protection laws, the General Data Protection Regulation (GDPR) are set to be implemented across the European Union (EU), bringing an anticipated boom in cyber insurance revenues, according to A.M. Best’s recent market briefing.
The GDPR will come into force in May 2018, with the aim to simplify the regulatory environment to make data protection rules consistent throughout the EU.
Firms involved in processing personal data will have to comply with a number of new obligations including stricter data-breach reporting, in an effort to enhance transparency.
As a result these firms will be more likely to opt for securing themselves with cyber cover, opening up new demand in the European re/insurance cyber market, which is still nascent compared with the growth occurring in the U.S.
A.M. Best, explained; “The GDPR further intends to increase the effectiveness of the right to data protection, and whilst this is expected to provide regulatory challenges for (re)insurers, the requirement for mandatory notification of serious data breaches is also likely to fuel supply of and demand for cyber insurance in Europe.”
In the short-term, GDPR is expected to drive higher demand for cyber products as tougher data-breach reporting rules lead to many more reported breaches and greater awareness of cyber risk.
Consequently, as more reliable data on breaches becomes available and re/insurers translate this into more accurate pricing models, A.M. Best said new products will appear on the market further spurring the supply/demand chain.
Re/insurers operating in the E.U. have been taking proactive steps to respond to the upcoming regulatory changes, A.M. Best financial analyst, Alvise Argenton, said; “European insurers have told A.M. Best they are undergoing a comprehensive review of their data-related risk management, looking at breach-response plans and the resilience of their systems.”
From an underwriting standpoint, he said, some insurers have suggested the GDPR will represent “‘a shot in the arm” for the non-U.S. cyber market.
“The GDPR is, therefore, expected to represent a major change for the European cyber insurance market.”
