To insure, or not to insure, that is the question…

By Elodie Ellingsen, Data Privacy Officer

In partnership with RSA (Royal Sun Alliance), the second-largest insurer in the UK, Winterhawk recently launched Cyber Risks and GDPR Insurance. Business owners, CEOs and CFOs have been very receptive, perhaps not surprisingly – who isn’t looking for ways to reduce risk in a world where it’s increasingly difficult to feel “safe” regardless of your spend on software, education and other services?

I’m certainly not suggesting “do nothing about GDPR” or “just get insurance, it’ll solve all your problems.” That would be completely wrong. We’ve already seen some emotive posts from ‘GDPR Consultants’ selling GDPR services, and fellow DPOs who believe that insurance isn’t the answer – and they are right, it isn’t the complete answer any more than education services are.

Organisations need to consider a whole range of actions in order to be ready for 25th May 2018. Education & training – absolutely yes. Readiness & privacy assessments – again, yes. Having a Data Protection Officer – yes. Cyber Risks and GDPR Insurance – I wouldn’t want to be without it.

So, who needs this insurance?

Ask yourself, would you contemplate running a company without Public Liability Insurance? No – and it’s a legal requirement in the UK. Would you go without Professional Indemnity Insurance? Probably not. If you own a company, would you go without Directors’ Insurance? I know I wouldn’t. Or what about legal cover? Not a chance! You might buy Travel Insurance on an “as needed” basis, but any organisation with an international footprint wouldn’t dream of going without it.

If we are so willing to protect those areas of the business, then why aren’t we protecting the part of the business where we are the most vulnerable? In North America, Cyber Insurance has become relatively commonplace in recent years, yet in Europe it’s been a slower burn. Now, with GDPR enforcement coming in and the risk of heavy fines, it just makes sense to have a policy that gives you a level of coverage to address that risk.

What does Cyber Risks and GDPR Insurance cover?
• Defence costs, fines & penalties (where legal)
• Loss of data: notification costs, identity & credit monitoring costs, civil liability, data restoration costs
• 24/7 incident response
• IT Forensics
• Public Relations support and advice
• Legal advice
• Cyber extortion
• Cyber business interruption

The more organisations do now, the better their position and (logically) the lower their insurance risks will be too. Just like with any insurance policy, lower claims typically mean lower premiums.

In a world where an increasing number of individuals are claiming to be GDPR “experts”, be sure that you are engaging with reputable firms and consultants.

For more information about Cyber Risks and GDPR Insurance, call our specialist brokers Lansdowne Woodward on (+44) 01202 874 989. You can also email us at with any questions or to arrange a call back.