Data breaches and cybercrime can be devastating for victims. And this issue is becoming increasingly important, because, until recently, the impact of a data breach on business, while damaging, probably wasn’t too bad for big corporations due to the relatively low level of fines that could be issued. But, since the introduction of the General Data Protection Regulation (GDPR), fines have skyrocketed. For example, in 2020 the ICO fined British Airways £20 million, and Marriott £18.4 million for high-profile data breaches.
With data breaches continuing to occur, and more and more consumers joining together to uphold their data protection rights, organisations of all types and sizes may find it difficult to recover from a data security breach.
Some of the possible consequences faced by companies that fail to keep data safe include:
- loss of time and money due to having to repair affected systems and disruption to trading
- loss of reputational damage and sales (lack of trust from current and potential customers)
- loss due to the legal consequences of a data breach (e.g. fines, legal fees and compensation payments)
- loss of competitive advantage due to the theft of trade secrets or copyrighted material
- having to pay fraudsters (cyber extortion)
- rises in insurance premiums.
So, what can organisations do to protect themselves and the people they hold data on?
Cyber insurance must become the norm
The first thing we would recommend is the implementation of robust data security processes. Because, when it comes to privacy breaches, prevention is always better than cure. But we also have to be realistic, and in a world that is increasingly digital, cyber-attacks are going to happen. So, organisations must also take out insurance to cover the risk of cybercrime.
The insurance industry is assessing the threat
In 2019, The Association of British Insurers (ABI) – an organisation that represents the insurance industry – asked the Information Commissioner’s Office (ICO) to make anonymised cyber breach data publicly available. The ABI feels that this is necessary for insurers to accurately gauge the level of risk and set the price of cyber insurance. So it is clear that insurance companies are well aware of the growing threat.
Also, according to the ABI, fewer and fewer companies are getting away with privacy violations, with claims payout rates reaching 99%. This is one of the highest claims acceptance rates across all insurance products.
Standard insurance policies do not cover cyber risk
Despite the rise in cybercrime, many UK organisations are still failing to insure themselves against the threat of a data breach. In fact, according to the ABI, only 11% of UK companies are said to have specific cyber insurance.
But standard insurance policies do not cover cyber risk, so every business must now consider cyber insurance to take preventative measures in the face of hackers. Because if a group action data breach claim is made against a company, and it is found liable for data privacy errors, the consequences of not being covered could be catastrophic.
Cyber insurance helps victims of cybercrime
Cyber insurance doesn’t just help organisations that experience a data privacy violation. It also helps people who have their data breached. Providing adequate redress to the victims of data breaches shouldn’t put an organisation out of business and with insurance in place, offending organisations will find it much easier to compensate victims.
Indeed, with adequate cyber insurance and improved data security processes, both companies and the people they serve will be better protected.
Are you the victim of a cybercrime? Our expert data breach lawyers can help
We provide clear and comprehensive advice and legal support to ensure the best possible result for victims of data breaches.