A New Law Causes High Cyber Insurance Demand in Europe

A new European Union Legislation on data privacy is ramping up the demand for cyber insurance after the high profile breaches suffered by TalkTalk and Experian earlier this year.

This week, the European Union has vetoed the change of legacy data protection laws that were far outdated. Now, companies are mandated to report data breaches that could potentially be harmful for customers or individuals, within 72 hours of the breach.

Arguably, the change in rules was one borne out of necessity, after many European companies have pushed the issue of cybersecurity under the rug, even more-so when breaches occur, as reported by Forbes.

However, the mere anticipation of the change in European laws has already seen demand for cyber insurance surge, according to Paul Bantick at insurance group Beazley.

We have seen clients buying policies because they know that this is coming. Breachse are going to get more expensive, they are going to get more complex and they (clients) want insurers to help with both of those issues.

Globally the cyber insurance market is expected to double to $5 billion in annual premiums alone within the next three years, come 2018. PriceWaterCoopers estimates this figure to reach $7.5 billion by the turn of the decade.

Julia Graham, technical director at Airmic, a trade body based in the UK explains who the early adopters of cybersecurity insurance are:

There is a small but perceptible increase. The sectors that are more sophisticated – financial services, law, tech companies, pharma companies – those are the early entrants.

The big established insurers already operating in the American cyber insurance market include Hiscox, Ergo, Zurich Insurance and Axa. The U.S. market alone has gained gross written premiums totaling $2.75 billion this year, with the growth surge showing itself to be more than a third from what it was this time last year.

Before 2002, there was nearly no cyber insurance market at all, with the first ever law requiring companies to notify clients and customers of a breach involving personal information, coming into effect in the same year.