While some businesses might believe they would escape tougher cyber regulations if Britain votes to leave the EU, experts have warned this may not be the case. Whatever the result of the vote, insurers will most likely be seeing changing cyber regulations soon.
Speaking at Beazley’s Hacked! Conference, head of the cyber risk and breach response team at international law firm DAC Beachcroft, Hans Allnutt, said a Brexit, if it happens, will ‘not let British businesses off the hook’.
Allnutt explained that even if Britain leaves the EU, any businesses that operate in Europe would still be subject to regulations like the EU General Data Protection Regulation. The regulations would fine businesses that mishandle data breaches four per cent of their annual turnover, or €20 million.
If Britain does leave the EU, it would also certainly have to draft some form of similar regulation to stay globally competitive as demand for data security grows.
If it did draft its own legislation, Allnutt said Britain’s domestic regulator, the Information Commissioner’s Office, has a track record of campaigning for higher data protection standards. Allnutt said that “a tightening of data protection regulation in Britain is inevitable regardless of the referendum outcome.”
His sentiments were echoed by Paul Bantick, Beazley’s European head of technology.
“Data breach insurance really took off in the US after it became clear that it was not just about financial compensation for loss, but more about mustering the right multi-faceted response to a data breach that will satisfy regulators and reassure customers,” said Bantick. “We expect to see much the same growth in demand in the UK, Brexit or no Brexit.”
Beazley Breach Response, the insurer’s breach response service for small and medium-sized businesses, has handled more than 4,000 data breaches since 2009.