Cybersecurity Insurance to be Mandatory in EU in 2018

The EU has recently passed new data protection and security regulations that, once brought into effect in 2018, will oblige organizations to take out insurance policies and inform authorities in 72 hours should their networks be hacked, EurActiv informs.

In 2014, the US was reportedly the largest market for cybersecurity insurance “where premiums for those policies alone reached a gross $2 billion that year.” Despite demand for digital security, the European market is still catching up, with chances for growth by 2018.

“More and more insurance companies build models for calculating risks. And there is more and more a demand from the industry, which asks for insurance models,” ENISA director Udo Helmbrecht said.

ENISA (The European Union Agency for Network and Information Security) is an agency based in Greece that researches network security and information security problems. For 2016 their goal is looking into IoT and smart infrastructures.

The Organisation for Economic Co-operation and Development (OECD) will conduct cyber risk research to be released as reports by the end of the year. Because the market is still young, insurance companies might not properly evaluate risks when it comes to data breaches, said Mamiko Yoko-Arai, coordinator of the research at the OECD. She warned that attacks on SMEs could go as far as to eliminate them as their networks are more open to cyber criminals.