Michael Best Partner Adrienne Ehrhardt was quoted in Corporate Counsel’s article, “Despite GDPR, Looks Like There's No Rush to Buy Cyberinsurance” on June 28, 2018.
The European Union’s General Data Protection Regulation, which officially went on the books May 25, has had companies around the world worried—and for good reason.
Failure to comply with the data privacy and security regulation, which is applicable to companies that handle and process EU citizens’ data, could lead to fines of up to four percent of a company’s global revenue or 20 million euros, whichever is higher.
Just two weeks before the GDPR deadline, there seemed to be a consensus that companies should be reviewing their cyberinsurance policies and if they didn’t already have a such a policy, they should get one.
Surprisingly though, companies don’t seem to be in a rush to purchase this type of protection from cyber liability.
Adrienne Ehrhardt, a partner at Michael, Best & Friedreich, said that there is still some uncertainty about whether cyberinsurance policies will cover the fines associated with the GDPR.
“One of the more obvious [reasons] is that I think there is uncertainty as to whether cyber insurance policy coverage [applies to] administrative fines under the GDPR,” Ehrhardt said. “I was talking to someone in the industry who seems pretty adamant that most policies don’t. If that’s the understanding of a lot of potential purchasers of that insurance, then I can see how most organizations are making the decision that it’s not worth their while.”
To read the entire Corporate Counsel article, click here.