Following the European Parliament’s adoption on 14 April of its EU Data Protection Reform package, aimed at strengthening EU citizens’ fundamental rights in the digital age and facilitating business by simplifying rules for companies, it is reported that the reforms are being widely welcomed by the cyber insurance industry.

The two-year implementation period for the General Data Protection Regulation in Member States has now begun, the reforms will likely see a further increase in the writing of such cover in the lead-up to implementation, especially as awareness is raised of the existence of cyber risk cover and the scope of such cover among European companies.

On the same day as the adoption of the reform package, the International Association of Insurance Supervisors (the IAIS) published a draft “Issues Paper” on cyber risk to the insurance sector itself. The paper notes that because insurers are reservoirs of confidential commercial data, they are “prime targets for cyber criminals who seek information that later can be used for financial gain through extortion, identity theft, or other criminal activities”. The IAIS highlights the important role that insurance supervisors worldwide have in enhancing cyber resilience and explains that it will itself monitor initiatives as they continue to evolve.

The draft Issues Paper can be located at and feedback is welcomed by the IAIS, by way of public consultation, until 13 May 2016.