A new French law, which kicks in April 24, requires companies to report cyber incidents to authorities within 72 hours or lose their eligibility for cyber insurance reimbursement.
What could possibly go wrong?
Well, there are a few little issues to iron out, say industry observers. Such as:
* Report the incidents to whom? There appear to be at least two French government agencies that could take the reports.
* Report the incidents when? Is it 72 hours after the company determines it’s had a security incident, or within 72 hours of the event occurring?
* Report the incidents where? What if a French company is hacked “in” a foreign country where it’s covered by a foreign insurance company? Must they report to French authorities (once they figure out which agency is supposed to get the reports)?
Source: French Cyber Insurance Law Provokes Uncertainty