Global regulatory change is likely to influence behaviours
Global regulatory change is likely to influence behaviours
What happens in one region could impact other regions around the world, including possible ripple effects to cover and policies. To help keep our policyholders stay informed, we regularly monitor legal and regulatory developments across the globe.
Australia will be implementing mandatory reporting requirements for ransomware. The government is keen to understand which organisations are being targeted because ransomware costs the Australian economy up to AU$3 billion (USD$1.9 billion) in annual damages.
Francehas also implemented mandatory reporting requirements, but only for cybersecurity incidents covered by a cyber policy. The law requires insureds to file a complaint within 72 hours of becoming aware of a system compromise.
In the US, under the SEC’s new cybersecurity disclosure rule, public companies must now disclose the existence of key details surrounding a cybersecurity incident within four business days of determining the incident is material.
Additionally, the FBI has announced that it will increase the number of agents deployed to American embassies to focus on cyber-related crime. This increase will bring the total number of agents in foreign countries to 22 and is designed to improve the FBI’s efforts to combat international cybercrime.
In addition to country-specific legislation, on 8 December 2023, a political agreement was reached on the terms of the European Union Artificial Intelligence Act (the “EU AI Act”). Once the final text is made public, we will be able to assess the possible impact that it will have on clients and their cyber insurance policies.