How Cyber Insurance Is Changing in the GDPR EraPrivacy Breach Claims Are Rising, Says Thomas Clayton of Zurich Insurance
Although the EU's General Data Protection Regulation only went into full effect on May 25, it's already having an impact on the cyber insurance marketplace.
"GDPR is of massive concern and a big peril for our customers," says Thomas Clayton, a senior cyber underwriter at Zurich Insurance. "We are seeing a big uptick in claims and the costs associated with breach notifications."
On the upside, however, when Zurich interacts with relevant authorities, such as the U.K. Information Commissioner's Office, on behalf of the organizations it insures, such as to share a breach response action plan, Clayton says the insurer is seeing a very measured response.
"Interestingly enough, as we're actually going to speak to the ICO, they're often a lot less concerned than we perhaps thought they were," he says. "And they are often closing off any investigations or any proceedings right at the very early stages, once they get sight of a good plan to take forward and action steps. And they're saying: 'Right, we like that approach. We're going to leave you to it."
In a video interview at Information Security Media Group's recent Security Summit: London, Clayton discusses:
- Three key things cyber insurance attempts to insure;
- The effect of GDPR on the cyber insurance marketplace;
- How the market is likely to evolve.
Clayton is a senior cyber underwriter for the U.K. at Zurich Insurance, reporting into the head of cyber liability for EMEA. He writes large corporate risks in the London market and is responsible for developing cyber business in Ireland, UAE and the U.K.