Cybersecurity and the EU General Data Protection Regulation: The Time for Action Is Now

Peter Beshar
Executive Vice President and General Counsel of Marsh & McLennan Companies
In less than a year, tough new rules on data protection will come into effect in the European Union. For the first time, companies will be required to notify regulatory authorities, and potentially consumers, in the event of a significant cyber breach. In elevating the rights of consumers, the EU General Data Protection Regulation (GDPR) represents a sea change in how companies will have to operate – and many are not ready.
Oliver Wyman, a Marsh & McLennan Company, predicts that fines and penalties in the first year alone may total £5 billion – or more than $6 billion – for FTSE 100 companies. Adherence to GDPR will require senior management – and not solely IT departments – to assume greater responsibility for cybersecurity. This shift means more than drafting a new organizational chart. It represents a profound transformation in how industries retain, use, and manage data and how leaders understand, mitigate, and respond to cyber intrusions.
Even those companies that do not fall under the new regulation should take proactive measures to protect their businesses against a cyber breach.