With data breaches all over the news, it’s no wonder businesses want to manage their exposure to the financial risks that accompany these threats. Data breach insurance is often the policy that companies need to protect themselves. Coverage is especially important because of the expense involved with a data breach. According to a 2015 study by risk assessment firm NetDiligence, the average data breach claim costs nearly $674,000. And no company is immune to the risk. Here are a few hypothetical examples across different industries:
CPA Firms: A staff member backs up some client files to an unencrypted flash drive and puts it into her purse. She then goes shopping and her purse is stolen. The staff member had been preparing payroll tax returns for several clients in multiple states. The flash drive included payroll information such as names, addresses, salaries, and Social Security numbers. The firm must now evaluate the severity and scope of the incident. They must consult with legal counsel about compliance with notification laws and with public relations regarding the breach. Finally, they must notify any potentially affected clients.
Real Estate Firms: In order to reduce costs and simplify the process, a small real estate company outsources its information storage and maintenance to a third party company. The third party experiences a data breach and the real estate firm’s data is jeopardized. Confidential information included clients’ Social Security numbers, bank account, credit, and debit card numbers, financial documents, and much more. Unfortunately, this “cost-saving” measure for the small real estate firm results in high legal costs, damage to their reputation, and a loss of business.
Architect and Engineering Firms: Technology is a large part of the architect and engineer’s practice. They routinely use technology to communicate with clients, perform accounting, and share project information. Design professionals also use technology to access information about their clients, including banking account numbers, employee data, and non-public business information. This can leave firms vulnerable to data breaches, malware, ransomware, and spear-phishing against employees. Many architecture and engineering firms are small businesses, which are targeted more often due to their perceived vulnerability. In fact, the National Cyber Security Alliance estimates 71% of security beaches target small businesses.
We all know the best defense is a good offense. That’s why more and more businesses are opting for policies that protect them from liability and expenses caused by a data or security breach. There are primarily two types of insurance offered – first-party and third-party. Here’s a look at both:
First-Party Insurance covers the policyholder’s own losses and can include the following coverage:
• Investigation: costs associated with assessing whether a breach has occurred and measuring the impact and severity.
• Data Loss: costs associated with the tampering or loss of the policyholder’s data.
• Software/Hardware: damages to software systems and/or computer hardware as a result of a cyber attack.
• Loss of Revenue: loss of income or other costs if the policyholder is unable to conduct business due to a breach.
Third-Party Insurance insures for the liability of the policyholder to third parties such as customers, clients, and the government. It can include the following coverage:
• Notification: costs associated with notifying employees, customers, or patients of a breach.
• Regulatory: costs associated with lawsuits or judgments as a result of a data breach. It also covers legal and technical expenses incurred for responding to regulatory inquiries.
• Crisis Management: expenses for public relations and advertising educating customers about the data breach, as well as the policyholder’s response.
• Credit Monitoring: costs of providing credit and/or fraud monitoring services to affected parties.
Cyber attacks can happen in organizations of every shape and size. Hackers also seem to get more sophisticated each day. Covering the risks associated with data breaches is an essential way to stay one step ahead of the “bad guys”.