Cybersecurity has become a growing concern for businesses of all sizes, as the frequency and severity of cyber attacks continue to increase. In response, insurance companies have begun offering cybersecurity insurance policies to help mitigate the financial impact of a data breach or cyber attack. However, changes in state and federal regulations are now affecting the landscape for cybersecurity insurance and claims.
One major change is the implementation of state data breach notification laws, which require businesses to notify individuals and/or the state attorney general in the event of a data breach. These laws vary from state to state, but they generally require businesses to notify affected individuals and/or the state attorney general within a certain timeframe, typically 30 to 60 days, after a data breach has occurred. This can have a significant impact on cybersecurity insurance claims, as businesses may be required to notify individuals and/or the state attorney general before they can file a claim with their insurance provider.
Another change that is affecting the landscape for cybersecurity insurance and claims is the European Union’s General Data Protection Regulation (GDPR). The GDPR, which went into effect in May 2018, applies to any company that processes personal data of EU citizens, regardless of where the company is located. The GDPR requires companies to have appropriate security measures in place to protect personal data, and it also gives individuals more rights and control over their personal data. The GDPR also has significant fines for companies that fail to comply with the regulation, which can have a big impact on cybersecurity insurance claims.
The Federal government also is enacting regulations, such as The Cybersecurity Information Sharing Act (CISA), which signed into law in December 2015, encourages the sharing of information about cybersecurity threats between the government and private sector. This act is intended to improve the overall cybersecurity of the U.S. by providing a legal framework for sharing information about cyber threats and vulnerabilities, and also it provides some protection for companies that share information with the government.
Don’t get caught unprotected. Changes in state and federal regulations are affecting the landscape for cybersecurity insurance and claims. Businesses should be aware of these changes and take steps to ensure they are in compliance with state and federal regulations, as non-compliance can have a significant impact on their ability to file a cybersecurity insurance claim. It is also important for businesses to review their cybersecurity insurance policies to ensure they are properly protected in the event of a data breach or cyber attack.