Managing the Risk of Data Breaches with Insurance

Every day more than 6 million data records are compromised, and even though cybersecurity spending is rapidly increasing, cases of data breaches are at an all-time high. Additionally, data breaches are becoming more and more expensive, with the average cost reaching $3.86 million per occurrence in 2018.

Having adequate data breach insurance, also known as network security and privacy liability coverage, is a paramount consideration for organizations of all sizes and industries, but particularly those whose business model is dependent upon online interactions and transactions.

Types of Insurance You Need to Cover Data Breaches

Data breaches are rapidly increasing in complexity and can cross borders between coverage types, thus rendering standalone policies inadequate. For instance, a cyber insurance policy will protect your business from losses related to cyber attacks and security breaches that compromise the proprietary data stored on your networks. And a technology errors & omissions policy will cover your liability and legal costs if a client sues you because of a data breach on their network that stems from a failure on the part of your product or service. 

Thus, combining cyber liability and technology E&O policies into one program with shared limits and complementary coverage is a cost-efficient way to purchase business insurance for startups that provides optimal protection.

Types of Data Breaches Insurance Can Cover

Data breaches can come from a variety of sources. Not every breach is caused by sophisticated hacking attempts and many can stem from human error or mundane oversights, which doesn’t make them any less damaging. To help you understand what your company is facing, here’s a breakdown of the most common data breach sources you may experience:

Hacker attacks: Criminals are becoming more sophisticated and cyber attacks can come in various forms, including phishing, denial of service, malware, ransomware, and password attacks. These attacks are especially dangerous because they are sometimes very hard to detect. It typically takes companies six months to discover that an attack has occurred, allowing hackers to do significant damage. 

Physical theft or loss of devices: Although the main cybersecurity concerns are digital, physical breaches can represent a significant risk as well. Laptops, smartphones, and other physical data storage devices can end up lost or stolen and lead to serious data breaches. 

Data theft/leaks: Employees of your company might access sensitive information without authorization and with malicious intent. According to a study by Verizon, 12% of data breaches are related to privilege abuse, which includes employees misusing information they’ve been granted access or purposely sharing, copying, or using data without authorization.

Human error: Something as simple as including the wrong person in an email chain, or clicking on suspicious links, may lead to a serious data breach.  90% of system intrusions are the result of human error, so it is important to have strong security protocols and training in place to reduce risk. 

First-Party vs. Third-Party Data Breach Coverage

First-party coverage insures those direct expenses that you may suffer as a result of a data breach. An extensive  insurance policy should typically cover the following first-party costs and expenses:

  • Data loss, recovery, and recreation 
  • Business interruption/loss of revenue
  • Digital extortion attempts
  • Deceptive transfer of funds 
  • Forensic investigative work
  • Public relations activity 
  • Mandatory remediation charges- notifications, credit, and identity monitoring

Third-party insurance provides protection against liabilities arising from a data breach that releases proprietary information, or your failure to properly protect that data.  In addition, if you share data with an independent contractor, and their security is breached, your organization can still be found liable, which will also be addressed by third-party coverage. A comprehensive policy should include: 

Cost of Data Breach Insurance 

Given the potentially devastating cost of data breaches, premiums can vary significantly based upon the scope of the policy, the size of your organization, the extent of your internal system safeguards, and the number of unique Personal Identifiable Information (PII) or Protected Health Information (PHI) records stored or maintained on your system.

The good news for insurance buyers is that there’s an adequate supply of insurance products, with many major insurers offering coverage and extremely competitive pricing. 

It is most important, however, to work with the right partners who understand your unique needs and exposures related to your industry in order to ensure you obtain the proper coverage for the best price.  If you need more help or information about protecting your business from data breaches, you can reach out to our team of expert brokers to learn more.