Latest News

Northern Ireland's House Price Index continues to rise

10 December 2018

Northern Ireland's latest quarterly figures, released by Land and Property Services, evidence the continuing growth in the sales market in Northern Ireland as a whole. Read More...

James Brokenshire unveils action plan to combat rough sleeping

10 December 2018

Communities Secretary, James Brokenshire MP, has unveiled the Government’s next steps to help people off the streets and meet its target to end rough sleeping for good by 2027. Read More...

 

 

GDPR: the threat is real

Monday 19 November 2018

The General Data Protection Regulation (GDPR) might seem like old news, but don't become complacent as the threat of an attack is still very real.

According to Government's Cyber Security Breaches Survey 2018, cybercrime now accounts for nearly 50 per cent of all crimes in the UK, with large scale data breaches becoming increasingly more frequent in the past few years.

And with potential threats by sophisticated criminals and their continuously evolving methods growing, the loss of high value data is more common than you think - 66 per cent of SMEs reporting a cyber breach or attack in the last year.

But the risk isn't limited to data loss, as the introduction of GDPR also added new risks for companies should they experience a cyber attack, and the news in the summer that the details of 380,000 payments were compromised via British Airways' served as a reminder to companies that the threat of a cyber attack is real for businesses of all sizes, which must be taken seriously, whether they hold employee records or customer information.

In line with the regulations, businesses must be able to demonstrate they are adequately protecting the data they hold on individuals and report a breach to the Information Commissioner’s Office (ICO) within 72 hours of discovery or they could face extreme penalties.

Now it’s likely that in this case the ICO would have asked questions about the methods used to protect customer information, and how criminals were able to locate and extract supposedly encrypted credit card information. But as one of the first major incidents fully in scope of the expanded GDPR requirements, involving notification of the ICO, affected individuals and the potential for significant litigation from individuals as well as fines of the organisation's global revenue, this incident could establish the benchmark response under GDPR, such as;

  • making senior leadership visible to the affected individuals and identify those who are able to handle media queries
  • put a quick response plan in place using an experienced breach response teams – customers informed less than 24 hours after the incident
  • establish a system of notification and compensation to affected individuals (credit monitoring and reimbursement of costs)
  • prepare for significant regulatory defence costs and penalties from the ICO
  • plan for likely class action style litigation from affected individuals

Gallagher assists clients, from start ups to PLCs, to help prepare for and recover from incidents and transfer the cost to the specialist cyber insurance market through our products that cover all of the above costs and services.

For more information, contact Gallagher, the Propertymark insurance broking partner on 0800 288 4921 or email propertymark@ajg.com.