In recent years we’ve seen a huge financial fallout for organisations that have suffered large-scale cyber attacks; from the £500,000 slapped on British Airways for the 380,000 compromised card payments of customers, to the possible $915m fine that Marriott may face following the enormous data breach last year. These repercussions are only likely to worsen as the volume and severity of attacks increases.
For instance, the General Data Protection Regulation (GDPR)’s arrival last year means that companies now face fines of up to 4 percent of global revenues or €20 million, whichever is greater.
In light of these risks, cyber-insurance is emerging as a safety net offering businesses protection if the worst happens. Far from being a luxury, there is every possibility that cyber-insurance will soon become a necessity for any organisation storing personal data. In the same way that drivers are required by law to have motor insurance, businesses may be obliged to have measures in place to guarantee compensation for customers left at risk by any data breach.