AIG warns of rise in data breaches as GDPR comes into force

Cyber crime

Provider says new rules can become “another tool for negotiation by extortionists”.

A surge in data breaches and other security failure insurance claims is expected when the EU General Data Protection Regulations (GDPR) come into force on 25 May, according to research from AIG Europe.

AIG head of cyber for Europe, the Middle East and Africa Mark Camillo warned that GDPR would become “another tool for negotiation by extortionists”.

He said: “They will threaten to compromise an organisation’s data unless a payment is received, knowing that the consequences could be more significant under the new regime.

“Companies will be more inclined to report breaches, leading to an increased impact on the volume of cyber claims.”

According to Camillo this was seen in the US after state breach notification laws came into effect.

Claims
The insurer noted that 2017 was a record breaking year for cyber claims, with as many notifications as in the previous four years combined.

The cyber claims report, which was published today (24 May), found that 26% of cyber claims came from ransomware.

Other common breach types include data breach by hackers, security failure/unauthorised access, impersonation fraud and employee negligence.

Camillo commented: “In 2017 we saw a series of sophisticated, systemic malware and ransomware attacks, including WannaCry and NotPetya.

“The resulting business interruption was a significant issue for many European organisations – much of the financial impact was a balance sheet loss.”

He continued: “While ransom payments only generated around $150,000 (£112,300), total economic losses associated with WannaCry are estimated at $8bn, with half a billion dollars attributed to direct costs and indirect business disruption. The majority of these losses were underinsured.”

Threats
AIG noted that the report showed that no sector is immune to cyber-attack, however professional and financial services topped the list.

Insurance Age hosted a full website takeover dedicated to cyber insurance on 26 April, in association with Aviva, with the aim of helping brokers understand cyber threats.

Ahead of GDPR coming into force, Insurance Age has also asked experts to explain the new rules and what brokers can and cannot do in their marketing under the new regime.

For all the latest industry news direct to your inbox, sign up for our daily newsletter.