GDPR: the threat is real

Monday 19 November 2018

The General Data Protection Regulation (GDPR) might seem like old news, but don't become complacent as the threat of an attack is still very real.

According to the Government's Cyber Security Breaches Survey 2018, cybercrime now accounts for nearly 50 per cent of all crimes in the UK, with large-scale data breaches becoming increasingly frequent in the past few years.

And with the threat from sophisticated criminals and their continuously evolving methods growing, the loss of high-value data is more common than you think, with 66 per cent of SMEs reporting a cyber breach or attack in the last year.

But the risk isn't limited to data loss. The introduction of GDPR also added new risks for companies should they experience a cyber attack, and the news in the summer that the details of 380,000 payments were compromised via British Airways served as a reminder that the threat of a cyber attack is real for businesses of all sizes and must be taken seriously, whether they hold employee records or customer information.

In line with the regulations, businesses must be able to demonstrate they are adequately protecting the data they hold on individuals and report a breach to the Information Commissioner’s Office (ICO) within 72 hours of discovery or they could face extreme penalties.

Now it’s likely that in this case the ICO would have asked questions about the methods used to protect customer information, and how criminals were able to locate and extract supposedly encrypted credit card information. But this was one of the first major incidents fully in scope of the expanded GDPR requirements, involving notification of the ICO and of affected individuals, the potential for significant litigation from individuals, and fines based on the organisation's global revenue. As such, it could establish the benchmark response under GDPR, such as:

  • make senior leadership visible to the affected individuals and identify those who are able to handle media queries
  • put a quick response plan in place using an experienced breach response team – customers informed less than 24 hours after the incident
  • establish a system of notification and compensation to affected individuals (credit monitoring and reimbursement of costs)
  • prepare for significant regulatory defence costs and penalties from the ICO
  • plan for likely class action style litigation from affected individuals

Gallagher helps clients, from start-ups to PLCs, prepare for and recover from incidents and transfer the cost to the specialist cyber insurance market through our products, which cover all of the above costs and services.

For more information, contact Gallagher, the Propertymark insurance broking partner on 0800 288 4921 or email