Within the cyber insurance industry, 2019 marked the start of a period of significant ransomware attacks. An accompanying surge in frequency and severity of claims resulted. Likewise, the depth and complexity of the ransomware attacks graduated from a lockdown of systems with a modest payment demand to double and even triple exfiltration and soaring ransom demands.  

With all of the attention devoted to this threat vector, it is important not to lose sight of other causes of claims that can impact insureds and insurers. One such area is privacy regulation. In 2021, significant legislation was updated, passed, and/or proposed. The potential of claims arising from noncompliance with these regulations cannot be ignored.

In her white paper, Munich Re US' Senior Cyber Underwriter Amy Pines, JD, RPLU, CPLP explores the history and evolution of privacy regulations, including recent key enforcement actions, verdicts and settlements, and recommendations for insureds on how to address the incredibly complicated regulatory rubric.