Understanding data breach and cyber liability coverage (2024)

Data risks are not just for big businesses. Virtually all companies are at risk — including yours.

When you hear about data breaches, it's likely that you think of tech companies or a hack at a major retailer that you read about in the headlines. But the fact is, it's not the sort of thing that only happens to tech companies or larger businesses or organizations. In fact, according to a report from the U.S. Department of Homeland Security, manufacturing is the industry with the second highest number of reported cyberattacks.

Want to understand your risk? Ask yourself:

• Do you store, own or have access to data?
• What kind of data is it?
• How many data records do you have?

The impact of a data breach incident can be extraordinarily costly for businesses without the right protection:

• $8.19 million– average total cost of a data breach (U.S. average)
• $1.42 million– average cost of lost business due to a data breach
• 25,575 records– average size of a breach
• $242– cost per lost record
• 245 days– time to identify and contain a breach

What type of data is at risk?

A data breach is an incident in which unauthorized individuals gain access to sensitive, protected, or confidential data. Data breaches may involve a wide range of information, but the data in question often falls into one of two categories:

• Personal information − such as names, emails, date of birth, street addresses, social security numbers, or phone numbers.
• Financial information − data from business transactions including credit card or bank account information.
• If you store these types of data or transact business electronically, you are at risk.

What can happen?

Think about a manufacturing company, professional service firm, retail store or wholesaler. All of these businesses have one thing in common — they have employees' and customers' personal and financial files that could be exposed.

What if...

• An employee loses a laptop with sensitive information?
• A rogue employee steals information?
• Sensitive information is improperly discarded?
• A credit card system is compromised?
• A firewall fails and hackers access sensitive information?

All of these could happen to any business at any time. Would yours be prepared?

Tailored cyber protection

Cyber coverage offers protection from threats posed by cyberattacks and data breaches — including losses to a company's finances, reputation and operational capabilities.

Data breach coverage

This coverage helps protect your business from the direct costs faced when a data breach occurs, such as notification, credit monitoring, cyber investigation and public relations expenses. Coverage highlights include:

• Data breach expense coverage for:
  • Notification, forensic analysis and credit monitoring services expenses
  • Breach restoration for costs of labor to re-create or copy lost or stolen data
  • Cyber business interruption and extra expenses incurred due to a breach
• Additional expense coverage for:
  • Legal services, public relations and third-party data breach
  • Data breach reward to pay informants who provide information leading to the capture and conviction of a “hacker”
  • Data breach investigation expenses resulting from a regulatory investigation
  • Cyber theft for loss from transferring, paying or delivering funds due to fraudulent input of data in your system
• Data breach services, including fraud alert, help line, identity restoration and consulting services

Cyber liability coverage

This protection covers costs that stem from a lawsuit against a business, alleging financial damage as a result of a data breach. These lawsuits may be the result of identity theft or compromised financial information that results in loss for customers.

Coverage highlights include:

• Privacy and security liability for third-party claims arising out of a privacy breach or security breach, including loss or theft of private personal data or failure of your client's system
• Cyber media liability addresses third-party claims arising out of an electronic media breach such as infringement, trademark, plagiarism, invasion of privacy, defamation, libel and slander resulting from cyber content

Cyber privacy and security coverage

This coverage combines protection for expenses that businesses pay in an effort to manage the fallout from a data breach with coverage for costs that stem from a lawsuit against a business.Coverage is offered as part of a convenient suite of management liability products for seamless protection.

How to recover from a breach

• Expert forensic analysis can help your company understand how a breach occurred, determine the extent of the breach, and highlight vulnerabilities. Data breach coverage often covers these costs.
• Each state has its own breach notification requirements. Data breach coverage includes the cost to notify affected parties, credit monitoring services, and, when necessary, monetary assistance to develop a public relations response.
• Partner with a third-party IT company to ensure your data is secure. Develop a plan to prevent and respond to incidents.
• You've successfully managed this breach. But, if any of your customers are faced with financial loss due to this breach, your cyber liability coverage can protect you from related lawsuits.

Sources

• 2019 Ponemon Institute Cost of a Data Breach Study
• Human error cited as leading contributor to breaches, study shows. SC Magazine.
• Cost of Data Breach Study, IBM, 2016
• Small Businesses: The cost of data breach is higher than you think, First Data, 2014
• Internet privacy in the digital age, Champlain College
• Cybercrime and hacking are even bigger worries for small business owners, The Guardian (U.S. edition), January 21, 2015