In Part 3 of our Cyber Insurance 101 series, we took a look at five key security measures carriers now require for cyber insurance coverage. In this post, we’ll explore breach response insurance and the resources those policies provide to ensure breaches are handled correctly.
All businesses face risks. Today, one of the biggest threats to a business comes in the form of data breaches, which can result in costly financial strain and devastating reputational harm.
As such, all businesses, regardless of size, need to prepare for breaches, including response plans and how to proactively reduce the odds of breaches from occurring.
[FREE CHECKLIST DOWNLOAD] How to Secure Cyber Insurance Capacity
What are data breaches?
Data breaches refer to any incident where protected or sensitive data is accessed by unauthorized individuals. The information obtained during a breach can vary wildly but typically includes:
- Customer information - including private information a company stores about its customers such as names and banking details.
- Financial information - including details about a company’s financial transactions through credit cards and bank accounts.
- Employee information - including personal employee details such as social security information, dates of birth, names, and other related details.
- Proprietary information - such as a company’s private intellectual property related to its goods or services.
Unfortunately, any business that stores such information is at risk. When we think of Cyber Insurance, the obvious risk is storage of electronic records. However, the loss of paper records is also very critical and that is generally covered by most Cyber policies.
What is data breach insurance?
Data breach insurance, otherwise known as ‘Cyber’ insurance, is a type of coverage designed to protect businesses from the costs they may face in the event of a data breach. Specifically, data breach coverage is designed to help businesses proactively thwart breaches from occurring by covering preventative expenses such as scans of external IT structures and threat alert notifications. Further, this type of coverage typically helps to cover the many expenses associated in the event a breach does occur.
A few expenses typically covered by data breach insurance include:
- Credit monitoring and activity notification services
- Data restoration costs, including the cost of labor associated with restoration
- Business interruption costs and associated expenses caused because of the breach
- Legal and public relation services required in the wake of a breach
- Reward costs required to pay individuals who identify the data hacker
- Investigation services required in the event of a regulatory investigation
- Forensic investigations of the IT environment to assess how a breach was perpetrated and to what extent
- Notification costs to alert affected individuals
- Breach coach services to manage the breach in a quick and efficient manner
- Ransom costs associated with a ransomware event
- Property damage costs due to the breach destroying IT infrastructure
- Post-breach remediation costs
- Reimbursement of funds that were illegally gotten as a result of a social engineering fraud or wire transfer.
Types of Data Breach Approaches
When it comes to building and maintaining a data management plan, businesses can either do so in-house or through an outside vendor. By going in-house, businesses will be largely in charge of shaping and overseeing their entire data breach management. While an enormous undertaking, this route is often favored by larger organizations with significant in-house IT and management capacity and several insurers offer extensive support that makes this option manageable.
Some Data Breach Insurers have a dedicated business unit that is entirely focused on helping their clients proactively develop an incident response plan. Further, in the event a breach does occur, these carriers can provide hands-on assistance to its clients to help them navigate through every stage of the breach response and investigation, knowing that their customer has already been set up for success.
On the other hand, many smaller teams tend to favor resourcing third-party IT vendors and data experts for support with its data breach planning and response. While going this route alleviates some of the burdens on in-house resources, it does require close monitoring and collaboration with the company’s cyber insurer to ensure that the required steps are being taken to prevent breaches. When choosing vendors to work with, we suggest making sure that the combined services offered are from vetted credible vendors who work closely with your carrier.
The Importance of Data Breach Coverage
Regardless of the path a business takes to develop its data breach handling and response, it is imperative that they seek data breach coverage. Given the many expenses associated with data breaches and the vulnerability all businesses face to such attacks, data breach coverage can ensure a business isn’t harmed long-term by a breach.
Here are just a few additional ways data breach coverage can help ensure your business is kept safe:
- Most plans cover the costs of forensic data analysis which can help identify vulnerable areas in your technology and provide a thorough understanding of how a breach occurred post-attack.
- Many jurisdictions require businesses to notify all affected parties following an attack including customers and financial institutions. Data breach coverage typically covers the costs of issuing such notifications, including the costs required to hire a public relations team.
- In the event that the breach costs your customers financially, data breach coverage typically covers the costs of associated legal fees.
Stay tuned for the final article in our Cyber insurance 101 series where we will take a look at the ins and outs of claims handling.