European organisations living on borrowed time if they fail at data breach notification, says insurer

10 February 2011

A white paper just published claims that organisations that choose not to notify on data breaches are living on borrowed time.

The discussion paper from Lockton, a major specialist insurance and risk analysis firm, says that a strategy of non-notification, where this is allowed under current regulatory requirements, is creating a negative situation surrounding data security across Europe.

The firm says that its paper – written by two of the independent and privately owned broker's global technology and privacy risks experts, Emily Freeman and Ben Beeson – notes strong indications that Europe is at a tipping point in its legal and regulatory environment surrounding data breaches.

According to Lockton, the paper – titled 'Exposed in Europe: Data Breaches and Their Impact in a Changing Legal and Regulatory Environment' – comes just a few days after the UK's coalition government produced a new national security strategy that ranks cyberattack and cybercrime as a high-priority risk.

The eight-page paper advises organisations to consider the potential implications of the E-Privacy Directive 2002/58/EC – due to come into effect shortly – which will introduce obligations on internet service providers and telecoms companies to notify the authorities and potentially affected individuals of a data breach.

The paper quotes figures released by the privacy, data protection and information security analysts at the Ponemon Institute, which show that whilst the UK still lags way behind the US in terms of the losses incurred by businesses as a result of data breaches, other parts of Europe, Germany in particular, are rapidly catching up.

The paper concludes: "No organisation can ultimately make itself invulnerable to the actions of a malicious insider with trusted access, either as an employee or an employee of a key vendor. [But] beyond internal risk management, there is now an increasing array of cyber insurance solutions available in the US, London and European insurance market that can help offset some of the specific costs of a data breach."
