General Data Protection Regulation (GDPR) , Standards, Regulations & Compliance

How Cyber Insurance Is Changing in the GDPR Era

Privacy Breach Claims Are Rising, Says Thomas Clayton of Zurich Insurance
Thomas Clayton, senior cyber underwriter, Zurich Insurance

Although the EU's General Data Protection Regulation only went into full effect on May 25, it's already having an impact on the cyber insurance marketplace.

"GDPR is of massive concern and a big peril for our customers," says Thomas Clayton, a senior cyber underwriter at Zurich Insurance. "We are seeing a big uptick in claims and the costs associated with breach notifications."

On the upside, however, when Zurich interacts with relevant authorities, such as the U.K. Information Commissioner's Office, on behalf of the organizations it insures, such as to share a breach response action plan, Clayton says the insurer is seeing a very measured response.

"Interestingly enough, as we're actually going to speak to the ICO, they're often a lot less concerned than we perhaps thought they were," he says. "And they are often closing off any investigations or any proceedings right at the very early stages, once they get sight of a good plan to take forward and action steps. And they're saying: 'Right, we like that approach. We're going to leave you to it."

In a video interview at Information Security Media Group's recent Security Summit: London, Clayton discusses:

  • Three key things cyber insurance attempts to insure;
  • The effect of GDPR on the cyber insurance marketplace;
  • How the market is likely to evolve.

Clayton is a senior cyber underwriter for the U.K. at Zurich Insurance, reporting into the head of cyber liability for EMEA. He writes large corporate risks in the London market and is responsible for developing cyber business in Ireland, UAE and the U.K.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.