GDPR & Cyber insurance
Everybody in the business world is talking about GDPR at the moment. However, we should not overlook the wider business considerations which sit within appropriate data management and the risks and liabilities these present.
By Alan Boswell Group

GDPR
GDPR is concerned with the control, regulation and protection of private, personal data. The good practices which businesses introduce as a consequence of GDPR will serve well in managing the similar risks faced in respect of sensitive corporate and commercial data.
However, no matter the good data management practices and procedures being introduced, both personal and corporate, a business will fall victim to a hack or simple human error at some time. It is at this point that you will appreciate the value of an insurer partnership which helps capture and manage the situation on your behalf. Quite simply, in most cases, a company will not know what to do when faced with system degradation or extortion.
Reputation
Capturing and effectively managing the initial incident will be key to how a business emerges from a data breach. Reputation is key to a company’s success and survival, namely:
how it manages such a crisis
how it is perceived post-loss
how successful it is in retaining clients
The insurance cover provided by a cyber policy is important, of course, but of equal importance is how an insurance company deals with the problem from the moment it first presents itself. Consequently, the choice of insurer and the effectiveness of their ‘First Response’ services is a vital consideration.
Not all insurance companies are the same!
First Response
The right ‘First Response’ team will:
supply appropriate IT, Legal and Forensic support
manage notification to the ICO
provide necessary credit/identity monitoring
provide call centre support
provide Public Relations management and support
manage communications with data subjects
manage extortion/ransom demands
Very often, this initial action will protect the business from income loss or third party data loss claims and hence, why insurers place great value on the early intervention of their ‘First Response’ services and cover these costs in full. But, as part of the much wider cyber debate, one should also give consideration to:
regulatory requirements to protect personal data
the business need to protect corporate data
the effectiveness of an insurers ‘First Response’
loss-mitigation and training services
the right level of insurance protection when security is breached and encryption occurs
Delivery of effective reputational management
The right insurance policy will cover:
First Response costs
Own repair costs
Your loss of income
Claims from affected parties for damages and costs (individuals, including employees, and corporates)
Regulatory costs and fines
Choosing the right insurer, however, is not easy. There are significant differences between them in respect of both cover and restrictions and, hence, the need to talk to the right insurance advisor who can walk you through the myriad of options. The right insurance advisor is Alan Boswell Group. For more information please contact us.
Need help with your insurance?
Whether you need a quote, have a general enquiry, or want to talk it through over the phone, we're here to help.
Send an enquiry
Related guides and insights

Do you need cyber insurance to protect your self-drive hire business?
Recent data breaches have highlighted the importance of good cyber-security – and the right cyber insurance – for businesses in the self-drive hire sector.

Cyber-crime and insuring your business
As cyber-attacks and data breaches make the headlines, Phil Thorpe stresses the importance of Cyber Liability Insurance and the risks your business may be facing.

Cyber security audits explained
Cybercrime is one of the biggest threats to businesses across all industries and having appropriate cyber security in place is vital. We take a look at cyber security audits, how they work and why they're important.

Guide to cyber security incident response planning
We speak to Darren Chapman, Director and Principal Consultant at CyberScale to find out more about cyber security incident response planning and why it's essential for businesses of all sizes.