Coalition, the San Francisco-based managing general agency that specializes in cyber insurance for small and midsized businesses, announced it is broadening coverage to include exposures to violations of the European Union’s General Data Protection Regulation (GDPR).

Specifically, Coalition is now offering full-spectrum coverage to help businesses comply with regulations, protect against alleged violations, and pay resulting expenses and penalties. For the time being, said a company representative, the coverage is focused on U.S. small and medium-sized enterprises (SMEs).

The ramifications of GDPR are widespread, and can impact businesses regardless of their location, size, or financial health, said Coalition, explaining that if a company offers goods or services to, or collects data about, an EU citizen, it must comply with the law.

Failure to comply with GDPR can be a costly proposition: penalties may be assessed at 4 percent of an organization’s annual global revenue or 20 million euros, whichever is higher.

“GDPR is complex and violations can arise even when there has been no breach of protected information. Companies can be fined simply for failing to comply with the terms of their own privacy policy. Many cyber insurance policies miss this exposure,” said Joshua Motta, co-founder and CEO of Coalition.

“Coalition’s policy will now not only respond with broad coverage for any resulting costs and liability, including GDPR violations, resulting from a security failure or data breach, but also protect organizations against their failure to comply with broader GDPR enforcement actions,” he added.

“Non-compliance with GDPR can cost a small or [midsized] business its livelihood. Our expanded GDPR offering, available with all Coalition cyber insurance policies, is designed to educate organizations on their obligations, assist with compliance, and ultimately provide financial protection from alleged violations,” noted Motta.

With Coalition, any small or mid-sized business can protect themselves against cyber risk with comprehensive insurance coverage, free cyber-security tools, and access to a team of experts to assist with compliance, cyber security, and the response to a cyber incident.

Coalition provides companies with up to $10 million of cyber and technology insurance coverage in all 50 states and the District of Columbia. Coalition’s cyber risk management platform provides automated security alerts, threat intelligence, expert guidance, and tools to help businesses remain resilient in the face of cyber attacks.

To demonstrate the need for GDPR coverage, Coalition said businesses are estimated to spend more than $40 billion this year on efforts to comply with privacy and cybersecurity regulations, including GDPR. Coalition gathered these statistics from Stamford, Conn.-based research firm Gartner Inc., which on Aug. 15, 2018 issued forecasts on worldwide information security spending.

Now, more than ever, businesses must work to implement controls to adhere to new regulations, and prepare themselves for any resulting penalties should the worst come to pass, said Coalition.

Launched in 2017 by Joshua Motta and John Hering, Coalition combines comprehensive insurance and free cybersecurity tools to help businesses manage and mitigate cyber risk.

Coalition is backed by Swiss Re Corporate Solutions and Argo Group.

(Reporting by L.S. Howard)