CyberCube - Cyber Insurance Analytics

Data privacy regulation a cost burden but nonetheless important

Written by Yvette Essen | Oct 28, 2019 1:11:00 PM

The cyber market is facing a shifting regulatory environment leading to a higher cost base, but such legislation is important and lessons can be learnt from the Terrorism Risk Insurance Act of 2002 (TRIA), said panelists at the Advisen 2019 Cyber Risk Insights Conference in New York.

Michelle Chia, head of professional liability and cyber for Zurich North America, moderated a session highlighting current trends in the cyber landscape. She referred to the shifting environment with the introduction of data privacy regulation, such as the California Consumer Privacy Act (CCPA) and the EU General Data Protection Regulation (GDPR).

Emily Simon, finance director for business risk management of Corning Incorporate, discussed the cost burden of regulation but added “at the same time it is very important”. She referred to the initial market response and challenges posed by the introduction of TRIA, but how now “we have a good understanding of what it covers and how it works”.

In response to Michelle’s question, “What more should the insurance industry be doing with respect to insurance regulation?” Emily emphasised there is a responsibility “to share information and hold stakeholders accountable” to enable a better understanding of risks. This view echoes comments made recently by Trevor Maynard, Lloyd’s Head of Innovation, who called for the sharing of cyber risk data to benefit all. In September, Admiral (ret) Mike S. Rogers, the former Director of the National Security Agency (NSA) and Commander of US Cyber Command, also highlighted the need for partnerships at CyberCube’s Foresight conference in London.

Theresa Purcell, director of risk management for Kushner, touched upon the implications of data sharing from a risk management perspective at the Advisen conference. She discussed the reliance on third parties to be up to speed with certain regulation. “If you share data with other vendors who store that information, the control goes over to the other company,” she said. This highlighted the need for ongoing assessment and dialogue between partners.