Warning that GDPR will lead to a surge in insurance claims

2017 was a record year for cybersecurity-related claims, according to insurer AIG

GDPR “will become another tool for negotiation by extortionists,” according to AIG

GDPR “will become another tool for negotiation by extortionists,” according to AIG


After a record number of cybersecurity-related insurance claims in 2017, insurers are bracing themselves for a further surge in incidents this year with the introduction of the General Data Protection Regulation (GDPR), which comes into effect from today.

Mark Camillo, head of cyber for Europe, the Middle East and Asia (EMEA) at insurer AIG, has warned the arrival of the GDPR “will become another tool for negotiation by extortionists.”

“They will threaten to compromise an organisation’s data unless a payment is received, knowing that the consequences could be more significant under the new regime,” said Mr Camillo.

He was speaking as the insurer revealed that as many cybercrime-related claims were made in 2017 as in the previous four years combined.

Overall, an average of one claim per working day was submitted to the insurer in 2017. The insurer expects the new data regulation could lead to a flood of new claims this year however.

Ransomware was the most common cybercrime reported last year with more than a quarter of European claims received by the insurer relating to this, as against 16 per cent a year earlier.

Some 12 per cent of claims related to data breaches by hackers with 11 per cent coming from either a security failure and/or unauthorised access. Impersonal fraud accounted for 9 per cent of claims.

While the proportion of claims due employee negligence fell marginally to 7 per cent in 2017, human error continues to be a significant factor in the majority of cyber claims.

Louise Kidd, head of liabilities and financial lines for AIG Ireland warned that no industry sector is immune to a cyberattack.

A separate report from Apex Insurance forecasts substantial growth in the number of companies taking out cybercrime-specific insurance policies over the next 12-18 months.

Theo Hoare, managing director at Apex Insurance Ireland said just 10 per cent of Irish SMEs currently have financial protections in place to rely on in the event of a cyberattack.

“As recently as 12 months ago, most people only thought to take out cover on the back of a cyberattack or attempted attack, whereas now people making an effort to safeguard their business before any such attempts take place,” he said.