A data breach could happen to a business at any time, so it is essential for a business to understand the ins and outs of data breach insurance and ensure the right protection is in place.
What is data breach insurance?
Data breach insurance is part of a wider cyber insurance package. It gives policyholders access to expertise, practical help, and financial support in the event they suffer a data breach. Figures from CFC’s claims team show that data breach losses make up more than half of the total number of cyber claims received over the course of a year.
A data breach is an event that leads to you losing control of business data in your company’s possession, such as employee data or client data. That could be anything from names and addresses to bank account details and tax references.
The data might be stored on a memory stick, a tablet, or a smartphone that goes missing. An employee might leave an unprotected laptop on a train, or your organization might be the victim of a targeted hack or fall prey to a phishing or malware scam.
In short, a data breach is an event that leads to data held by your company being lost, stolen, or compromised. Data breach insurance provides cover against losses suffered by you or third parties as a result of the breach and gives you access to specialists who will help you respond quickly and effectively to the breach and mitigate its impact.
Who needs data breach insurance and why?
Most companies store, manage, or process some kind of data in the course of doing business. Are your employee records held electronically? Do you keep client files in the cloud or on in-house servers? Do you hold personal information from orders and reservations? Do you store client payment details, transfer company funds electronically or pay suppliers online?
Large and small businesses alike hold confidential information about their employees and clients in various digital formats. The way most companies operate includes some form of electronic data transfer. There are various legal and regulatory obligations to fulfil in the way organizations manage this data, and there are fines, penalties, and sanctions for those that break the rules.
This means that companies of all shapes and sizes have the potential to suffer a data breach, and so it is important to assess the potential size of that exposure. They also need to think about how they would respond to a data breach and manage the associated costs.
What does data breach insurance cover?
Data breach insurance will help cover the costs of responding to an incident as well as assist with the financial losses that it creates.
Data breach insurance is part of a wider set of covers that sit in a cyber insurance package. Most cyber policies offer first-party and third-party covers. The first-party sections cover the policyholder’s own financial loss arising from a cyber event. The third-party sections cover the insured for liability actions against them arising out of a cyber event.
Typical first-party covers include:
- Incident response – covers costs involved in responding to a cyber incident, including IT security and forensic specialist support, gaining legal advice in relation to breaches of data security and the cost associated with having to notify any individuals that have had their data stolen
- Cyber extortion – covers costs incurred in responding to fraudsters attempting to extort money out of an insured by either threatening to carry out a cyberattack or by threatening to expose or destroy data after having already compromised the victim’s network
- System damage – covers costs for an insured’s data and applications to be repaired and restored in the event that their computer systems are damaged as a result of a cyber event
- System business interruption – covers reimbursement for loss of profits and increased costs of working as a result of interruption to a business’ operations caused by a cyber event
Typical third-party covers include:
- Network security and privacy liability – covers third-party claims arising out of a cyber event, such as the transmission of harmful malware to a third-party’s systems or failing to prevent an individual’s data from being breached
- Regulatory fines – this can cover the cost of certain fines and penalties that a regulatory body might enforce on an organization as a result of them having suffered a data breach
- Media liability – covers any third-party claims arising out of defamation or infringement of intellectual property rights
Brokers should look at the whole range of cyber risks that their clients may face when considering or purchasing cyber insurance rather than just focusing on data breaches. Threats to data and information security are evolving, and businesses require protection that keeps pace. CFC’s cyber breach insurance provides first and third party coverage against all of the major cyber threats facing organisations today including social engineering attacks, ransomware, and malware.