As a sector intrinsically tied to digital technology, cyber insurance is known for its dynamic and evolving nature. In 2019, the cyber insurance industry began to grapple with multiple headwinds including record General Data Protection Regulation (GDPR) fines, the introduction of new privacy regulations and systemic ransomware claims.
In this fast paced digital age, businesses have the capacity to collect a tremendous amount of personal information to support their strategies. Customers expect and trust that financial institutions will keep their personal information safe and use it appropriately. However, reorienting the way an organization considers privacy and embeds privacy-thinking into the business is a significant challenge.
In 2019, Guy Carpenter-affiliate Oliver Wyman published the paper “Data Privacy: Growing Expectations (And Risk) For Financial Institutions,” which included five no-regrets steps that organizations can take to get ahead on data privacy risk management.
The next frontier in this conversation is about operationalizing the privacy risk management program successfully across multiple functions and teams. There are many enablers to a successful program. Some are technical, such as putting in place an adequate systems and data architecture to meet the program’s needs. Others have to do with governance, organization and responsibilities—and this is the focus of this paper, “Privacy First.” Oliver Wyman outlines a clear strategy to operationalize a firm’s privacy program and meet today’s challenges.
Many companies are struggling to put holistic programs in place that comprehensively address privacy concerns across all the key functions of the business. Along with the business lines, teams such as data governance, information security, cyber risk management and third-party risk management need to coordinate their actions and responses with privacy.
Neglecting this responsibility poses a significant risk with increasing regulatory, legal and ultimately reputational impact. The industry needs to be both proactive and preemptive in understanding how information is being used, storing only as much as strictly necessary, and keeping data safe from loss and theft.
Contributors to the report include Oliver Wyman colleagues Elena Belov, Partner, Financial Services and Organizational Effectiveness, Allen Meyer, Partner and Americas Compliance Practice Head and Paul Mee, Partner, Digital and Financial Services and Cyber Platform Lead, among others.
The reinsurance sector has shown itself to be well versed at navigating market-changing events, and Guy Carpenter’s multi-dimensional approach allows us to review many different views of our cyber risk, quantify our exposures and manage accumulations.