5 Min Read

Cyber newsletter - January 2023

Read More

By Hans Allnutt and Patrick Hill

|

Published 30 January 2023

Overview

Welcome to the first 2023 edition of our Data And Cyber Bulletin, in which we look ahead to some of the key issues set to make an impact this year, as an extension of our firmwide predictions campaign.

We address significant issues affecting the cyber insurance market, including the introduction of new LMA war and cyber operation exclusions, and timely innovation found in the launch of the first cyber catastrophe bond. We also consider warnings from the Prudential Regulation Authority in their first Dear CEO letter of the year.

The issue of tracking cookies is also discussed, reviewing the impact of regulations around the world on consumer safeguarding and the possible phase out of third party cookie usage by large tech companies. We also examine the current challenges regarding the allocation of low value data breach claims in the County Court.

Looking beyond the UK, we consider the recent final rulings of the Irish Data Protection Commission against Meta in relation to GDPR violations, following intervention from the European Data Protection Board.

We also look at the publication of the NIS 2 Directive in the European Union, advancing its package of reforms aiming to strengthen cybersecurity, and giving Member States until October 2024 to make the changes required.

LMA publishes updated war and cyber operation exclusions
We discuss the recently published LMA clauses addressing war and cyber operations. Ranging from relatively straightforward exclusions and escalating in terms of complexity, we address some of the key changes.
READ MORE

Cyber cat bond represents an important addition to insurer’s armoury against systemic risk
We look at a welcome innovation in the cyber market, following the introduction of the first cyber catastrophe bond, which will help underpin ambitions for growth in cyber underwriting.
READ MORE

2023: The Cyber & Data Risk Horizon
We mark the launch of our Informed Insurance predictions, which include predictions for cyber, by giving readers a bonus of four more specific developments to look for in 2023.
READ MORE

Cookies are crumbling
We consider the regulatory position around tracking cookies, reviewing fines issued by regulators to those failing to comply with cookie legislation, and the possibility of the gradual withdrawal of third party cookies by large tech companies.
READ MORE

County Court grapples with low value data breach claims
We discuss the ongoing discussions in respect of the allocation of low value data breach claims in the County Court, and our experience in the factors that may be considered during this process.
READ MORE

“Probably the most significant [GDPR] enforcement decision to date” – summary of Ireland’s recent Facebook and Instagram rulings
We review the recent rulings from the Irish Data Protection Commission against Meta in relation to both Instagram and Facebook, and the process which followed objections to the draft findings of the Irish DPC.
READ MORE

NIS 2 Directive published as European Union strengthens cybersecurity frameworks
We analyse the changes introduced in the European Union to address current and emerging cybersecurity challenges via the NIS 2 Directive, and a brief consideration of the equivalent issues in the UK
READ MORE

Insurance supervision: Cyber risk highlighted
We review the first Dear CEO letter of the year from the Prudential Regulation Authority which specifically identified cyber as an area of ‘non-natural catastrophic risk’ which may require mitigation on the part of insurers to reduce the potential for outsize losses.
READ MORE

We hope you enjoy this month’s edition. Please do contact this month's authors if you have any questions.

Authors