The discussion paper from Lockton, a major specialist insurance and risk analysis firm, says that a strategy of non-notification, where this is allowed under current regulatory requirements, is creating a negative situation surrounding data security across Europe.
As a result, the firm says, the paper – written by Emily Freeman and Ben Beeson, two of the independent and privately owned broker's global technology and privacy risks experts – notes strong indications that Europe is at a tipping point in its legal and regulatory environment surrounding data breaches.
According to Lockton, the paper – titled 'Exposed in Europe: Data Breaches and Their Impact in a Changing Legal and Regulatory Environment' – comes just a few days after the UK's coalition government produced a new national security strategy that ranks cyberattack and cybercrime as a high-priority risk.
The eight-page paper advises organisations to consider the potential implications of the E-Privacy Directive 2002/58/EC – due to come into effect shortly – which will introduce obligations on internet service providers and telecoms companies to notify the authorities and potentially affected individuals of a data breach.
The paper quotes figures released by the privacy, data protection and information security analysts at the Ponemon Institute, which show that whilst the UK still lags well behind the US in terms of the losses businesses incur from data breaches, other parts of Europe, Germany in particular, are rapidly catching up.
The paper concludes: "No organisation can ultimately make itself invulnerable to the actions of a malicious insider with trusted access, either as an employee or an employee of a key vendor. [But] beyond internal risk management, there is now an increasing array of cyber insurance solutions available in the US, London and European insurance market that can help offset some of the specific costs of a data breach."