GDPR could help build a culture where protection of virtual assets is seen to be as important as locking the front door. Paul Dix, the vice president of insurance at CGI, explains the opportunities for insurers if this scenario works out.
A day doesn’t go by without yet another warning about the rise of cyber crime and the lack of awareness amongst the general public of the risks of doing business and running our lives online. If we assume that the general public includes us all, then we have to assume that we are all at risk to some extent in both our personal and professional lives.
It is becoming increasingly apparent that state and criminally sponsored cyber-attacks are on the increase. The UK is the second most targeted country and the most affected per capita, accounting for 11% of the attacks that were reported, according to a survey recently published by Malwarebytes and reported in the national press this month.
It is even reported that financial institutions are beginning to stockpile Bitcoin in order to be able to respond quickly to any ransom demands. Maybe the recent peaks in Bitcoin value are an indicator of this concern.
As a technology company, my employer regularly tests my reaction to these risks; but as we move into a riskier world that will require more exposure of our failings to the general public and regulators, let’s make 2018 the year where regulatory impetus shapes a different type of behaviour amongst us all.
The biggest regulatory driver this year will be the introduction of the General Data Protection Regulation in May.
Larger organisations have certainly started to appoint senior executives to data protection and privacy ownership roles. But smaller companies don’t seem to have gotten to grips with what they need to do to comply with GDPR. That’s a concern. Understanding the regulations is the key starting point – helping to calculate where best to deploy valuable technical resources.
There are many ways to tackle the technical challenges involved and undoubtedly GDPR will cause some disruption to the insurance industry. We’ve even heard it suggested that one way of dealing with the enormous changes would be to simply delete all customer data and start over. However, better advice is to keep in mind that GDPR is not altogether new territory. It builds on existing rules and dovetails with the whole area of data security.
The bigger challenge, though, is that the largest prize is to start to build a new culture where protection of virtual assets is seen to be as important as locking the front door, or not walking alone down an unlit street, was seen to be in the past.
This can lead to two possible benefits: firstly, if we can start to instil new behaviours into our working lives, these will filter into our behaviours outside of work (as my opening remark implied, we are members of the general public after all); and secondly, and here is the insurance opportunity, it might drive demand for improved risk protection products as part of a comprehensive insurance product for personal assets.
There needs to be a collegiate response – we cannot tackle crime by paying off the criminals.