UK Dings Marriott

legacy-blog-title-background-1One of the big stories in cyber insurance this week centers on the report about being 'under the gun' by EU regulators for a data breach.

There’s been a ton of coverage on this, such as this report on TechCrunch and CNN's "Marriott is the Target."

Potentially exposing personal information on up to 383-million guests, this is a Biggie that EU regulators assessed at $123-million.

Or, is it so big?

On the face of it, this is a mere slap: US$ 0.32 per record if you use the total exposed records cost. But, that’s anywhere near the real cost of damage.

You see, this breach, discovered in 2018 had been underway from 2014. What’s more, it likely cost Marriott throwing away a whole Starwood data reservation system. It’s what you do when regulators are on your case about 30-million hotel guests from the European Union who may have had their personal and credit data exposed.

Which gets us to the points:

The first is, the cost-per-breached record isn’t 32.11 cents a pop. The EU penalty is for their 30-million guests. That pencils out to $4.10 per record. The data and reservation system costs will likely show up in a Marriott notes to the financial statement.

The second point is this:

Keep a sharp eye on what happens with the European Union regulators: They work like this, as TechCrunch reported:

"Under the new GDPR regime, the ICO has the right to fine up to 4% of a company’s annual turnover. Given Marriott made about $3.6 billion in revenue during 2018, the ICO’s fine represents about 3% of the company’s global revenue."

There has been some misunderstanding of the EU's GDPR and global revenue.

The key thing is the EU has an odd way of calculating things (ask Google!). They use 4% of worldwide and say it's a basis for calculating their fines.

Other descriptions come to mind, but it does't matter. If you have a website reachable in Europe, you need to know the GDPR rules and the exposures.

You can read how to do that dance over on the EU website here. Or, you can schedule your free cyber security assessment with the Cyber-Armada team.

An ounce of insurance is worth a pound of fire, remember?

Topics: Data Breach Regulations GDPR

Stephen Years
Posted by Stephen Years on Jul 9, 2019

Apply for Cyber Insurance Online

Answer a few questions online and Cyber Armada will design a cyber insurance policy tailored to your particular needs.

Apply Online
Apply for Cyber Insurance
Schedule an appointment with Cyber Armada

Can we talk?

We're ready to talk when you are. You can schedule an appointment to speak with a representative from Cyber Armada when it is most convenient for you. Whenever possible we use online meetings to increase productivity and increase the amount of time we can spend with you. We use Zoom Meetings as our preferred video conferencing platform.

Schedule Appointment