Cyber Risk Legal Update - August 2015
August 2015 Cyber Risk legal update
Cyber Insurance, Privacy and Data Security Newsletter
With our sincerest apologies to Miss Jessie J, this month the newsletter is all about the money, money, money with cyber insurance rapidly becoming the new bling-bl-bling.
The estimated cost to the UK economy from cyber threats amounts to billions of pounds each year and has nearly doubled between 2013 and 2014.
Despite the increasing exposure and publicity it is estimated that only 20% of large enterprises and 6% of small to medium businesses purchase cyber insurance. However, ABI research suggests that this is set to change estimating that the cyber insurance market will reach US$10 billion by 2020 as risk managers seek to transfer the risk of escalating costs of cyber breaches.
The UK Government is also predicting that the cyber security industry will see significant growth near future and contribute to national prosperity. The UK Government's 2020 Export Drive forecast worldwide growth in the cyber security industry of approximately 20 per cent per annum. The Cyber Growth Partnership, supported by BIS, has a export target of £4bn by 2020.
Whilst it is unclear whether cyber insurance will be included in this particular export metric, it is hard to ignore the recent support for the cyber insurance market at the highest levels of government. The recent UK Government/Marsh cyber security report outlined the stepping stones towards achieving growth in the cyber insurance sector including: Lloyd's promotion of London market cyber insurance expertise overseas with UK Trade & Investment; and, a new multi-disciplinary taskforce set up by CityUK, aimed at bringing together different sectors to discuss a joint UK cyber offering related to insurance for export.
The future of the UK Government's role in the cyber insurance market does not stop at promotion but could stretch to participation. This month, Long Finance published a report on "Promoting UK Cyber Prosperity" and the future of cyber insurance, arguing that traditional insurance is currently unable to provide sufficient capacity to respond to the potential catastrophic financial exposures to a global, systemic cyber failure. The report, championed by Stephen Catlin, calls for insurers and the Government to find a dynamic solution to this lack of capacity. The report proposes the introduction of a public/private partnership along the lines of "Pool Re" (which deals with exposure to terrorist losses) to deal with the risk of cyber catastrophe in the UK. "Cyber Pool Re" would provide reinsurance cover for cyber events unavailable through traditional commercial markets. The report argues that such a scheme would not only improve UK cyber resilience but also improve UK competitiveness as an attractive economy to locate cyber business, and a place to source cyber-risk and security experts who have proven their financial, as well as technical, prowess.
All in all, the UK cyber insurance market looks certain to grow, ch-ching ch-ching. (link to Jessie J music video)
P.S. In April, we reported on the Court of Appeal judgment in Vidal-Hall v Google, which struck through s13(2) Data Protection Act 1998 and permitted victims of data breaches to pursue compensation for distress despite not suffering any financial damage. This month, the Supreme Court granted Google leave to appeal although we do not expect the Supreme Court to hear the matter before 2016. In the meantime, however, a remarkable group litigation action is forming to bring similar claims against Google. The group is expected to amass 10,000 claimants and seek £30m in damages. If anyone needed convincing of the emerging risks attaching to data protection and privacy, this case will surely do the trick.
Click the below headings to read more on each of the developments...
EU Data Protection Regulation Developments
Updates from around the World...
For more information on DAC Beachcroft please contact:
Rhiannon Davies, Partner
+44 (0) 20 7894 6577
You might also like ...
The Right to be Forgotten isn't just a Google issue
When considering data protection, data losses tend to spring to mind. However, this year, the risks of holding data for too long have been at the fore.
The recently publicised "right to be forgotten" case saw the European Court of Justice rule that Google Spain was a data controller due to its capacity to find, index, store and make information available to the public on its website.