
Is cyber insurance prepared for GDPR?

A conversation with BitSight's Jake Olcott on the GDPR and cyber insurance

The EU's General Data Protection Regulation (GDPR) is set to take effect May 25, 2018, and research says many companies are not yet fully compliant. (Photo: Shutterstock)

The European Union’s General Data Protection Regulation (GDPR) was adopted in 2016 to strengthen data protection procedures and practices.

All companies established or operating in the EU must comply, prompting them to evaluate their data security standards in order to be compliant by the May 25, 2018, deadline.

Cyber insurers are also anticipating a shift in both coverage demand and long-term incident reporting.

New regs

As EU and U.S. companies reevaluate their data security posture to prepare for the new regulations, and assess the hefty fines attached to GDPR laws, having a cyber insurance policy has become more attractive, says BitSight Technology’s Vice President Jake Olcott.


In a conversation with, Olcott offered insight into the long-term impacts of GDPR on cyber insurers and underwriters, both in the EU and here in the U.S.

Olcott says the reason GDPR is such a big deal is the fines. It will be much more expensive than existing regulations, as the maximum fine for not complying with the GDPR is €20,000,000 (roughly $23.7 million US) or 4 percent of a company’s worldwide revenue (not profit), whichever is greater.

The concern is cyber insurance policies as they are written today won’t cover GDPR fines. Olcott says for carriers and brokers, the question is, “What does this new regulation mean?”

Coverage for fines?

“It means there are a lot more companies that will be focused on cyber insurance and buying cyber insurance policies, which is great. But there is a concern that policies the way they are written today may not allow insurance companies to cover GDPR fines.”

Olcott recently penned a blog post on how and why U.S. businesses should prepare for the GDPR, and in a separate write-up, provided an 8-part checklist of tasks to prepare for compliance with the pending regulation.

BitSight Technology is a security ratings company that offers data analytics and security software, helping companies manage third-party risk, underwrite cyber insurance policies, benchmark security performance and assess aggregate risk. BitSight offers guidance on GDPR compliance with its report “A Risk Manager’s Guide to the General Data Protection Regulation (GDPR).”

Olcott says certain industry sectors are more prepared for the GDPR than others. In this Risk Manager’s Guide, BitSight lists 6 ways companies can prepare for the GDPR.  


6 proactive ways to prepare your organization for the GDPR


1. Find technology solutions and helpful resources that will help you solve GDPR-related issues.

2. Create an in-depth plan for third-party risk.

3. Modulate your GDPR program.

4. Begin your GDPR compliance program by addressing the vast majority of the GDPR that is clear — not the small minority of it that is not.

5. Ensure you have appropriate security controls in place for your data.

6. Use quality metrics to support your decisions and demonstrate your progress.

You can read about these 6 steps in detail in BitSight’s Risk Manager’s Guide to the General Data Protection Regulation (GDPR).
