What happens in one region could impact other regions around the world, including possible ripple effects to cover and policies. To help keep our policyholders stay informed, we regularly monitor legal and regulatory developments across the globe.
In Portugal, the Insurance and Pension Funds Supervisory Authority (ASF) has recently declared that insurance contracts indemnifying the ransom payment associated with cybercrimes are not legally permissible, due to violation of Portuguese civil law.
Australia will be implementing mandatory reporting requirements for ransomware. The government is keen to understand which organisations are being targeted because ransomware costs the Australian economy up to AU$3 billion (USD$1.9 billion) in annual damages.
France has also implemented mandatory reporting requirements, but only for cybersecurity incidents covered by a cyber policy. The law requires insureds to file a complaint within 72 hours of becoming aware of a system compromise.
In the US, under the SEC’s new cybersecurity disclosure rule, public companies must now disclose the existence of key details surrounding a cybersecurity incident within four business days of determining the incident is material.
Additionally, the FBI has announced that it will increase the number of agents deployed to American embassies to focus on cyber-related crime. This increase will bring the total number of agents in foreign countries to 22 and is designed to improve the FBI’s efforts to combat international cybercrime.
In addition to country-specific legislation, on 8 December 2023, a political agreement was reached on the terms of the European Union Artificial Intelligence Act (the “EU AI Act”). Once the final text is made public, we will be able to assess the possible impact that it will have on clients and their cyber insurance policies.Sandra ColeFocus Group Leader - London and International Cyber - Claims
Data presented in this Cyber Services Snapshot is derived from global incidents reported to Beazley between 2021 and 2023.
The information set forth in this communication is intended as general risk management information. It is made available with the understanding that Beazley does not render legal services or advice. It should not be construed or relied upon as legal advice and is not intended as a substitute for consultation with counsel. Although reasonable care has been taken in preparing the information set forth in this communication, Beazley accepts no responsibility for any errors it may contain or for any losses allegedly attributable to this information. Non-insurance products and services are provided by non-insurance company Beazley affiliates and independent third parties. Separate terms and conditions may apply.