UK Dings Marriott
Posted by Stephen Years on Jul 9, 2019 10:08 AM

One of the big stories in cyber insurance this week centers on the report about Marriott being 'under the gun' by EU regulators for a data breach.

There’s been a ton of coverage on this, such as this report on TechCrunch and CNN's "Marriott is the Target."

Potentially exposing personal information on up to 383-million guests, this is a Biggie that EU regulators assessed at $123-million.

Or, is it so big?

On the face of it, this is a mere slap: US$ 0.32 per record if you use the total exposed records cost. But that’s nowhere near the real cost of the damage.

You see, this breach, discovered in 2018, had been underway from 2014. What’s more, it likely cost Marriott a whole Starwood data reservation system, which it threw away. It’s what you do when regulators are on your case about 30-million hotel guests from the European Union who may have had their personal and credit data exposed.

Which gets us to the points:

The first is, the cost-per-breached record isn’t 32.11 cents a pop. The EU penalty is for their 30-million guests. That pencils out to $4.10 per record. The data and reservation system costs will likely show up in Marriott's notes to the financial statements.

The second point is this:

Keep a sharp eye on what happens with the European Union regulators: They work like this, as TechCrunch reported:

"Under the new GDPR regime, the ICO has the right to fine up to 4% of a company’s annual turnover. Given Marriott made about $3.6 billion in revenue during 2018, the ICO’s fine represents about 3% of the company’s global revenue."

There has been some misunderstanding of the EU's GDPR and global revenue.

The key thing is the EU has an odd way of calculating things (ask Google!). They use 4% of worldwide revenue and say it's a basis for calculating their fines.

Other descriptions come to mind, but it doesn't matter. If you have a website reachable in Europe, you need to know the GDPR rules and the exposures.

You can read how to do that dance over on the EU website here. Or, you can schedule your free cyber security assessment with the Cyber-Armada team.

An ounce of insurance is worth a pound of fire, remember?