Cyber Insurance
Data breaches can be expensive — just ask Marriott. According to the FT, since the hotel group discovered last November that hackers had been accessing its database since 2014 compromising up to 339 million guest records, it has incurred a staggering $100 million in costs. And that is before the £99 million in fines levied by data protection regulators such as the ICO for contravening GDPR.

Doubtless, Marriott’s top brass will be relieved that the effect has been cushioned by insurance policies, which have paid out $102 million to date to cover the losses incurred.

It is not surprising therefore that cyber cover is one of the fastest growing parts of the insurance industry, estimated to be worth $15bn globally by 2022.

High profile data breaches and ransomware attacks are serving to convince organisations that they need to protect themselves – and it is not just big players like Marriott; SMEs are also investing as increasingly the weight of data protection under the new EU regulation makes itself felt.

The insurance, originally devised to protect against the losses occurring from website outages caused by hackers, now covers the cost of potential fines and class action law suits that are springing up. These are filed by lawyers representing the interests of the victims whose records have been compromised by such hacks. Additionally many of the policies also provide forensic investigators to probe the causes and offer solutions, public relations experts to deal with reputational damage and expert negotiators to deal with ransom demands and arrange for their payment, often via bitcoin.

According to insurers the growth markets are sectors where data breach risks are more common including retailers, healthcare, anyone dealing with data analytics and companies that work with big, global firms.

So whilst it is now not just possible but normal to insure against cyberattacks, this does not mean that organisations can rest on their laurels. In fact quite the opposite. Given the often eye watering sums of money relating to a cyberattack  – sometimes running into the hundreds of millions, insurers can look for the smallest infringement of the policy in order not to pay. Therefore having a clear data strategy along with a secure customer data platform in place is now more important than ever. For further information on our GDPR solutions and our industry leading, award winning CDP please don’t hesitate to get in touch!


Emma Thwaites

Emma Thwaites

Client Services Director, Alchemetrics