File picture: AP Photo/Wilfredo Lee/AP
INTERNATIONAL - Data privacy rules coming into force this week are giving Europe’s fledgling cyber insurance market a boost as they make companies more aware of the risks caused by customer information breaches.

Europe’s General Data Protection Regulation (GDPR), which takes effect on Friday, has been billed as the biggest shake-up of data privacy laws since the birth of the web.

It aims to give EU citizens more rights over their online information and threatens fines of up to 4 percent of a company’s annual revenue for serious infringements.

The latter will include failure to notify regulators of breaches within 72 hours.

The law brings Europe more closely into line with the United States, where many states have for several years required firms to notify regulators about data breaches.

Insurers say the directive, together with major cyber attacks like last year’s WannaCry and NotPetya viruses, is driving demand in Europe for cyber insurance - a sector seen as relatively profitable.

Cyber cover can pay for anything from the repair of IT systems after a data breach, to compensation for lost business, legal costs and even for a public relations firm to patch up damaged reputations.

The number of syndicates offering cyber insurance in the giant Lloyd’s of London commercial insurance market jumped by more than 20 percent last year to over 70. Lloyd’s Chief Executive Inga Beale told Reuters by email that gross written premiums for European cyber insurance could total more than $2 billion annually by 2020, partly as a result of the new directive.

Major players in the sector include insurance giants AIG and Zurich, and Lloyd’s insurers Beazley and Hiscox.

However, less than one tenth of annual premiums in the $2.5 billion global cyber market are for Britain and the rest of Europe, according to Betterley Risk Consultants.

Paul Merrey, a partner at KPMG focusing on insurance, said the difference in take-up was mainly due to different legal frameworks between Europe and the United States.

“GDPR significantly closes this gap,” he said.


AIG says its European cyber business has risen by 50 percent this year compared with a year ago. The firm declined to give a figure.

“We are seeing a lot more interest in cyber coverage,” said Mark Camillo, head of cyber for EMEA at AIG.

AIG said its European business accounted for 25 percent of its global cyber portfolio at the end of 2017, up from just five percent three years previously.

Insurers typically do not break out their cyber revenues in their annual results, but several told Reuters their business had increased and they expected further growth.

Insurance firm CFC Underwriting has seen a “huge surge” in enquiries about cyber insurance from outside the United States, said Graeme Newman, CFC’s chief innovation officer, with its UK cyber business growing by 150 percent in the last year.