Its implementation will hand individuals vastly increased powers over the way their personal data is collected and processed, including the much-discussed ‘right to be forgotten’. While the GDPR delivers significant advantages for consumers, it brings to the surface serious concerns for businesses, particularly relating to the financial implications that are associated with cyber breaches.


Double-blow for business

Cyber breaches always lead to financial loss. This can be through lost customers, business downtime, or significant reputational damage, and the GDPR will further raise the stakes for businesses at risk from a cyber breach. Organisations that fail to comply with the GDPR or experience a data breach could face fines of up to €20m (or 4% of their annual global turnover) in the most serious cases. Cyber-security experts NCC Group have estimated that fines from the Information Commissioner's Office (ICO) against UK companies last year would have been £69m rather than just £880,500 if the GDPR had been in force. This is not an insignificant difference, and the step up to a multi-million pound fine would be enough to put some companies out of business entirely. Put simply, the threat of cyber attack is still out there, but the potential implications will be far more drastic in six months' time.

Layers of protection

An obvious response by businesses to this increased threat is to increase spending on cyber security, building the protective walls higher. This is certainly an important step, and companies that can demonstrate they have taken steps to protect themselves from attack will be looked on more favourably by regulating authorities. However, the extent to which organisations can fully safeguard themselves from attack does have limits. A recent survey by Lloyd's, "Facing the Cyber Risk Challenge", showed that 92% of European respondents said that their company had suffered a data breach over the past five years. A determined hacker can usually breach firewalls and other protective measures eventually, as demonstrated by high-profile breaches even of bodies such as the Pentagon. It is, to an extent, a matter of when and not if a business becomes a victim of a cyber breach or attack. If it is not possible to guarantee your safety by building the walls higher, what do you do to mitigate the issue when they get in?

Softening the blow

For the majority of businesses, the scale and gravity of the fines that could be imposed under the GDPR in the event of a data breach are simply too heavy to absorb. Those companies that want to ensure they are best prepared should therefore look to mitigate the risks arising from a cyber attack, and reduce the cost of premiums, by partnering with a suitable cyber risk insurance specialist. Taking out insurance should now be seen as the first critical step. The benefits are wide-ranging, with the specialist providing long-term consultancy, ensuring businesses are on the right side of regulation and that security issues are tackled in a holistic manner. Above all, by working with cyber security experts and insurers, businesses can better understand the risks they face and help mitigate them in order to protect not only their balance sheets but also their reputation.

All European businesses will be working hard in the coming months to ensure that they are fully compliant and ready for the GDPR. The new regulations present businesses with an opportunity to ensure that they have at their fingertips the expertise that will help protect them should a cyber attack strike, enabling them to concentrate on their consumers and day-to-day activity.