Zurich Insurance offers North American employers GDPR cover

Zurich Insurance offers North American employers GDPR cover
12 Oct 2018

Zurich Insurance Group is launching a North American cyber policy that covers the costs of network security monitoring and pre-breach services as well as regulatory enforcement actions under the European Union’s General Data Protection Regulation (GDPR).

The new policy replaces the firm’s former security and privacy offering and brings together coverage that was previously available only through endorsements. Cover is provided up to US$25 million and includes temporary employees, volunteers or interns, if required. Its definition of computer systems is also broad, including industrial control systems and bring-your-own-device schemes.

Paul Horgan, Zurich’s New York-based head of North America commercial insurance, told Business Insurance: “We think the best way to protect against cyber is to have a dedicated cyber policy with dedicated limits and language tied to the coverage so there’s real clarity of intent. We’re really becoming more and more convinced that a dedicated policy with dedicated limits and very clear language is the right way to make sure the coverage is provided to the customer as it allows for a quick response on the claim and minimises any disputes.”

The policy is available in North America through the firm’s speciality errors and omissions, wholesale and Canadian underwriting teams. As well as traditional cover, such as breach costs, it also includes protection that was previously unavailable, such as affirmative cover for regulatory proceedings, assessments, fines and penalties associated with enforcement of the GDPR.

Under the new European data protection legislation, “the real threat isn’t necessarily the legislation and the occasional person who opts out”, said Horgan. Instead it is the “shock event that causes a significant part of the population to ask to have their data deleted”.

But such events in today’s environment, “where companies are outsourcing and using third-party vendors to support their businesses, if they can’t share data, it really does jeopardise some of the business models that are out there today”, he added.

Horgan also warned: “This is not a European issue. It is absolutely coming to a neighbourhood near you.”

Emma Woollacott

Emma Woollacott is a freelance business journalist. Her work has appeared in a wide range of publications, including the Guardian, the Times, Forbes and the BBC.

OTHER ARTICLES THAT MAY INTEREST YOU

Nielsen sued for alleged inaccurate statements on GDPR-readiness

Seven tips for getting on top of GDPR

Webinar: GDPR has arrived - what next?

Zurich Insurance Group is launching a North American cyber policy that covers the costs of network security monitoring and pre-breach services as well as regulatory enforcement actions under the European Union’s General Data Protection Regulation (GDPR).

The new policy replaces the firm’s former security and privacy offering and brings together coverage that was previously available only through endorsements. Cover is provided up to US$25 million and includes temporary employees, volunteers or interns, if required. Its definition of computer systems is also broad, including industrial control systems and bring-your-own-device schemes.

Paul Horgan, Zurich’s New York-based head of North America commercial insurance, told Business Insurance: “We think the best way to protect against cyber is to have a dedicated cyber policy with dedicated limits and language tied to the coverage so there’s real clarity of intent. We’re really becoming more and more convinced that a dedicated policy with dedicated limits and very clear language is the right way to make sure the coverage is provided to the customer as it allows for a quick response on the claim and minimises any disputes.”

The policy is available in North America through the firm’s speciality errors and omissions, wholesale and Canadian underwriting teams. As well as traditional cover, such as breach costs, it also includes protection that was previously unavailable, such as affirmative cover for regulatory proceedings, assessments, fines and penalties associated with enforcement of the GDPR.

Under the new European data protection legislation, “the real threat isn’t necessarily the legislation and the occasional person who opts out”, said Horgan. Instead it is the “shock event that causes a significant part of the population to ask to have their data deleted”.

But such events in today’s environment, “where companies are outsourcing and using third-party vendors to support their businesses, if they can’t share data, it really does jeopardise some of the business models that are out there today”, he added.

Horgan also warned: “This is not a European issue. It is absolutely coming to a neighbourhood near you.”

Emma Woollacott

Emma Woollacott is a freelance business journalist. Her work has appeared in a wide range of publications, including the Guardian, the Times, Forbes and the BBC.

OTHER ARTICLES THAT MAY INTEREST YOU

Nielsen sued for alleged inaccurate statements on GDPR-readiness

Seven tips for getting on top of GDPR

Webinar: GDPR has arrived - what next?