‘Lots to do’ to ensure Facebook meets European standards

Warning that GDPR will lead to a surge in insurance claims

The Data Protection Commission has "a lot of work to do" to ensure social media giant Facebook meets European standards, according to the agency's head, Helen Dixon.

Ms Dixon, the Data Protection Commissioner, noted that the Irish watchdog was Facebook’s supervisory authority in the EU as the company has its European HQ in Dublin.

"It signifies that we have a lot of work to do in terms of the detail that we need to understand in order to ensure whether Facebook's platform and standards meet what we expect it to for data protection in Europe," she said.

Ms Dixon was discussing Facebook chief executive Mark Zuckerberg’s appearance before the European Parliament with US business broadcaster CNBC.

Members quizzed Mr Zuckerberg about the recent Cambridge Analytica scandal, where data belonging to millions of its customers was leaked to third parties.

She pointed out that newspapers were disappointed with the detail that Mr Zuckerberg gave to parliamentarians.

The commissioner appeared on CNBC ahead of the introduction of tough new rules under the EU’s General Data Protection Regulation (GDPR).

Companies face fines of up to €20 million or 4 per cent of turnover for any breaches of the new data protection law.

Along with this, she said consumers can seek compensation for any damage they suffer as a result of data breaches.

Ms Dixon also explained that the Republic’s Data Protection Commission will publish details of any breaches it detects, resulting in “reputational damage” for companies.

Meanwhile, after a record number of cybersecurity-related insurance claims in 2017, insurers are bracing themselves for a further surge in incidents this year with the introduction of the General Data Protection Regulation (GDPR), which comes into effect from today.

Mark Camillo, head of cyber for Europe, the Middle East and Asia (EMEA) at insurer AIG, has warned that the arrival of the GDPR “will become another tool for negotiation by extortionists.”

“They will threaten to compromise an organisation’s data unless a payment is received, knowing that the consequences could be more significant under the new regime,” said Mr Camillo.

He was speaking as the insurer revealed that as many cybercrime-related claims were made in 2017 as in the previous four years combined.

Overall, an average of one claim per working day was submitted to the insurer in 2017. However, the insurer expects the new data regulation could lead to a flood of new claims this year.

Ransomware was the most common cybercrime reported last year, with more than a quarter of European claims received by the insurer relating to this, as against 16 per cent a year earlier.

Some 12 per cent of claims related to data breaches by hackers, with 11 per cent coming from a security failure and/or unauthorised access. Impersonal fraud accounted for 9 per cent of claims.

While the proportion of claims due to employee negligence fell marginally to 7 per cent in 2017, human error continues to be a significant factor in the majority of cyber claims.

Louise Kidd, head of liabilities and financial lines for AIG Ireland, warned that no industry sector is immune to a cyberattack.

A separate report from Apex Insurance forecasts substantial growth in the number of companies taking out cybercrime-specific insurance policies over the next 12-18 months.

Theo Hoare, managing director at Apex Insurance Ireland, said just 10 per cent of Irish SMEs currently have financial protections in place to rely on in the event of a cyberattack.

“As recently as 12 months ago, most people only thought to take out cover on the back of a cyberattack or attempted attack, whereas now people are making an effort to safeguard their business before any such attempts take place,” he said.