What is Data Breach Insurance?

Data breach insurance, also known as cyber liability or cyber risk insurance, covers the costs incurred by your business in the event your electronically-stored data is compromised. Cyber hacking is being referred to by the media as a growing threat to any business that electronically transmits and/or stores confidential customer data. And the loss of revenue to a business that has been hacked can be substantial. These factors have prompted business owners to take a serious look at this new type of coverage being offered by many of the top names in the insurance industry.

Not too long ago, business owners were more focused on buying insurance to cover losses from: damage to their physical plant; damage to their inventory; or property theft.

Now the biggest challenge to business owners is how to protect your customers’ private information while it is being stored or transferred electronically. Business owners are realizing it can be just as costly to lose the data on their computers as it can be to lose any physical property… and sometimes even more devastating. Beside the financial liabilities, there is also the negative publicity, loss of customer confidence, and interruption to service that can have a long term impact on the success of your business.

While many business owners assume that big corporations are more likely to be the target of hackers, studies show that companies with fewer than 100,000 customer records are actually targeted more often. In fact, reports show that 71% of data breaches actually happen to small businesses. And with the average cost of dealing with data theft spiraling towards $300 per compromised customer record, even a small breach can cost a company millions.

Insurance companies that sell traditional business coverage are beginning to exclude the costs of electronic data loss. This exclusion means business owners are being forced to purchase data breach insurance, even if they are PCI compliant.

What Does Data Breach Insurance Cover?

Basically there are 2 types of data breach insurance. Each type of policy covers a different area of liability, loss and expenses:

1. First-party liability, which covers losses sustained by your business.
2. Third-party liability, which covers your liability to your customers.

Each insurance company offers their own version of data breach insurance, but the coverage options are similar.

First-Party Liability covers:

• Legal and Forensic Service Expenses – The cost of any investigation related to the breach of your records.
• Crisis Management and Notification Expenses – The cost of informing customers of the breach to your records and other response management expenses.
• Good Faith Advertising Expenses- The cost of ad campaigns to announce the breach to your records and handle the ensuing publicity.

Third-Party Liability covers:

• The combination of all the expenses resulting from law suits from customers, as well as the cost of any other legal actions taken against your company.

Each company offers their own options and perks to entice you to buy. Some processors offer data breach protection as part of their service. Others include access to secure websites providing information about how to prepare a breach incident response plan, consulting services to help with breach notifications and customer requests for information, coverage for business interruption, and loss prevention reimbursement for companies that take protective measures to protect data such as encryption technology.

Basically the combination of the two policies acts like the combination of the comprehension and collision coverage you carry on your car. One acts as the insurance coverage for you and your car, and the other is the coverage against damage to the car, person, or property you hit. Perks attached to your data breach insurance policy, like the reimbursement for installing encryption technology, are similar to the credit you get for having a car alarm or air bags on your car!

So can you buy one type of data breach coverage without the other? Certainly. But the combination of the two data breach insurance policies offers you a comprehensive risk management package to deal with the financial losses from a cyber attack that could bankrupt your company.

As the risks and methods of cyber theft evolve, including the latest attacks that hold your company’s records hostage and demand a ransom, insurance companies will continue to revise the terms and coverage of their policies. So while data breach insurance is not a substitute for instituting proper security measures to protect your records, it can be the first line of defense to protect your company from the devastating financial losses from record hacking.