By: Leonardo Neri
Taking out insurance to mitigate financial risks is essential in a mergers and acquisitions (M&A) process. These insurance policies are usually aimed at protecting the Data Protection Officer or even the Controller, and the main points covered are:
• Responsibility for privacy;
• Responsibility for network security;
• Responsibility for electronic content;
• Cyberextortion;
• Losses of digital assets;
• Loss of profits due to business interruption resulting from a cyber risk.
It is worth noting that no company is immune to cyberattacks. Likewise, there is no policy that covers all the risks involved. Examples of business insurance:
• Cyber Liability and Data Protection Insurance;
• Fraud Insurance, etc.
For the DPO:
• Professional Liability Insurance;
• Directors’ Liability Insurance;
• Kidnapping Insurance;
• Personal Image Management Insurance, etc.
One point of attention for the DPO is to require third parties to hold a cyber risk insurance policy, in addition to an adequate privacy policy, especially third parties who have access to sensitive data.
It is preferable for the partner's insurance policy to be triggered rather than the DPO's company policy, even though there are insurance policies that cover this area and a future right of recourse.
It is also important to check whether key suppliers have cyberattack insurance. This applies especially to key suppliers in the event of operational interruptions and system fires, where there is a dependency on the supply of raw materials.