
Cybersecurity and the EU General Data Protection Regulation: The Time for Action Is Now


In less than a year, tough new rules on data protection will come into effect in the European Union.

For the first time, companies will be required to notify regulatory authorities, and potentially consumers, in the event of a significant cyber breach. In elevating the rights of consumers, the EU General Data Protection Regulation (GDPR) represents a sea change in how companies will have to operate – and many are not ready.

Oliver Wyman, a Marsh & McLennan Company, predicts that fines and penalties in the first year alone may total GBP5 billion – or more than GBP5 billion – for FTSE 100 companies. Adherence to GDPR will require senior management – and not solely IT departments – to assume greater responsibility for cybersecurity. This shift means more than drafting a new organisational chart. It represents a profound transformation in how industries retain, use, and manage data and how leaders understand, mitigate, and respond to cyber intrusions.

Even those companies that do not fall under the new regulation should take proactive measures to protect their businesses against a cyber breach.

Download the attached briefing to learn more.