How ready are you and your practice for the impending GDPR, which comes into force on 25th May? If you have already carried out your due diligence in preparation for the new General Data Protection Regulation, you will likely have some concerns over the effects that Cyber crime might have on your practice, and how GDPR fines could further increase this.
Is your practice ready for GDPR on 25 May?
As dental and medical practices are putting into place measures to comply with GDPR, many are realising the amount of specialist knowledge and guidance needed to get it right.
In these cases, Cyber liability insurance is becoming a lifeline. Often taking out this insurance gives practices access to guidance on preparing for Cyber crime, which in turn helps them to comply with GDPR.
The Center for Strategic and International Studies estimates that Cyber crime now costs $400bn each year. Medical data is high on the wanted list for criminals and a report by IBM put healthcare as the top targeted industry in 2016, with 30 NHS trusts attacked by ransomware.
GDPR and Cyber crime
With new regulations including a 72-hour deadline for reporting a breach to the relevant authorities once you become aware of it, and strict guidelines around consent to process data and contact people, smaller businesses will likely struggle to find the internal resource and knowledge to handle this.
With fines of 4% of annual turnover or €20 million for a serious data breach, plus reputation damage and other costs, there really is a good reason to take data protection and Cyber crime seriously.
Keeping personal data safe is a key objective of the GDPR and managing Cyber security is a key aspect of this – as many medical practices have found out through breaches, such as WannaCry. There are a number of GDPR challenges to solve, and avoiding fines requires an adequate level of protection.
If you do consider insurance as part of your protection plan, you should understand what is and is not covered under your professional indemnity policy. Cyber liability insurance provides a much wider scope of protection in respect of Cyber risk.
Insuring Cyber liability
Cyber insurance is relatively new in comparison to established, everyday covers like home insurance. This makes it harder to evaluate and price the risk. Insurers assess a business based on criteria such as:
- How seriously the Board takes Cyber security risk
- What IT security and processes are in place, such as software updates, data encryption and anti-virus protection
- Type of business and potential losses from a Cyber breach
- Internal risk management processes in place, such as a disaster recovery plan.
Cyber liability insurance should not be seen as a tool that replaces properly managing Cyber risk. Lacking Cyber processes and defences could invalidate insurance, mean you are not considered an acceptable risk in the first place, and potentially lead to huge fines if found in breach of GDPR rules.
Work in partnership with your insurer
You should consider your Cyber liability insurer and broker to be your partners. Work with them to bring your risk levels down and lower your premium.
Take advantage of specialist guidance and training sessions and protect your customer data and your practice. Insurers have an obligation, and a vested interest, in making sure you are armed with sufficient information and support to manage your risks.
To make sure your medical or dental practice is ready for GDPR and sufficiently protected from Cyber attacks, contact one of our specialist brokers today to discuss your requirements.