If your company handles sensitive data of any kind, from customer payment information to intellectual property, you are at risk of a data breach. If your company’s private and confidential data is accessed by unauthorized parties, Data Breach Insurance can help cover the costs of response and recovery.
What is a data breach?
A data breach is a security incident where your company’s private or confidential data is accessed by an unauthorized party. A data breach could involve the loss, theft, or unauthorized access of information such as customer data, financial accounts, passwords, contact information, proprietary corporate data, and more. The breach could be perpetrated by outside parties, such as hackers or cybercriminals, or internal parties, like employees.
With the increasing digitization of the economy and business processes, data breaches are becoming more and more prevalent. Companies in the U.S. spend almost $4 million on average to respond to data breaches, according to IBM, and businesses both large and small are at risk. According to First Data, smaller businesses pay on average $36,000 to recover from a data breach.
What is Data Breach Insurance?
Data Breach Insurance protects your business from first-party losses related to a data breach. If your business has its data hacked, stolen, or accessed illegally, Data Breach Insurance can help cover the costs of recovering from the breach.
These costs may include:
- Notifying your customers or employees affected by the breach
- Providing credit monitoring services to those affected by the data breach
- Hiring technical consultants or lawyers to find out whether a breach happened, the extent of the breach, and any regulatory compliance necessary
Data Breach Insurance is also commonly known as first-party cyber liability insurance, as it typically only deals with first-party losses that your business directly incurs, rather than third-party losses where your company’s data breach causes a customer or employee to suffer a financial loss. For third-party coverage for data breaches, consider cyber liability insurance.
Who needs Data Breach Insurance?
Data Breach Insurance is an important coverage for any business that stores or transmits sensitive, confidential, or proprietary information electronically. This may include personally identifiable information (PII) or protected health information (PHI). For companies that conduct their business online or use online tools as part of their operations, protection against data breaches is critical, as there is a greater chance for outside parties to hack into your systems via nefarious means, including phishing scams, denial-of-service attacks, or security loopholes.
Even for businesses that don’t operate online, data breach protection is important. If a company laptop is lost or if an employee steals customer records from an office computer, your business’s confidential data could be exposed.
Data breaches are becoming increasingly common, and while you may only hear about large corporations getting hit with cyberattacks, the reality is that both small and large companies are vulnerable. Smaller businesses may be at even greater risk, as they generally have less time and fewer resources to put behind security measures and protocols, and the costs of responding to a data breach could be financially crippling for a small company.
What does Data Breach Insurance cover?
Data Breach Insurance provides coverage for costs related to responding to and recovering from a data security breach. These costs may include:
- Notification. Because of increased government regulations, in the event of a data breach, notifying the affected parties is now a requirement in every state. While exact requirements vary from state to state, many states require businesses to notify affected customers or employees if personally identifiable information is involved in a data breach.
- Identity theft protection. Providing identity theft prevention and mitigation services, like credit monitoring, to those affected by a data breach is a requirement in some states. The cost of these services often falls to the business, and some states require businesses to provide these services for up to 12 months. Although most states do not require these services to be provided, they can be a helpful tool to aid your public relations efforts.
- Data breach analysis. In order to resolve a data breach, your business may hire technical consultants to determine how a breach occurred and the extent of the breach. You may also enlist legal help to ensure that your business is complying with all regulations and laws.
- Public relations. In the wake of a data breach, your business may need to invest in advertising and public relations to educate customers or other affected parties about the breach and help mitigate any damage to your company’s reputation.
- Business income and expenses. If a data breach threatens to shut down your business, you may need to spend outside of your day-to-day operating costs in order to keep your business running. If your business operations must stop for a period of time, you may lose out on revenue due to the closure. Coverage for these costs is often available as an optional add-on.
- Cyberextortion. In certain data breaches, your business may be threatened with damage to your computer systems or networks, or your data may be held hostage unless you pay a ransom. Coverage for these costs is often available as an optional add-on.
What are the key exclusions to Data Breach Insurance?
While Data Breach Insurance can cover most costs associated with a data breach, there are some notable exclusions:
- Illegal acts and fraud. Data Breach Insurance does not cover intentional illegal, dishonest, or fraudulent acts.
- Contractual liability. Many Data Breach Insurance policies will exclude coverage for liability assumed under a contract or agreement. For instance, if your business suffers a breach of credit card information and needs to pay contractually required fines or penalties related to the breach, those costs may be excluded.
- Failure to maintain security standards. Insurers may exclude coverage if your business does not continue to maintain the same levels of security practices and system maintenance procedures that were disclosed in your insurance application.
- Third-party liability. Data Breach Insurance does not provide coverage if your business is sued by customers, vendors, employees, or other third parties who have been impacted by a company data breach. Third-party lawsuits of this nature can be covered by cyber liability insurance.
What is the difference between cyber liability insurance and Data Breach Insurance?
It’s easy to confuse cyber liability insurance and Data Breach Insurance, as many insurers may use these terms interchangeably when referencing their cyber insurance products. The distinction between the two insurance types does vary depending on the insurer, but generally, Data Breach Insurance is considered to be a more limited set of coverage than cyber liability insurance.
Data Breach Insurance typically covers only first-party losses that your business directly incurs due to a data security breach. This type of insurance is commonly purchased by smaller businesses that don’t often need the broader coverage provided by cyber liability insurance.
Cyber liability insurance typically covers first-party losses in addition to third-party liability related to data breaches. Third-party coverage provides protection when a customer, vendor, partner, or other party sues you for allowing a data breach to happen.
How much does Data Breach Insurance cost?
The average cost of cyber insurance, which includes Data Breach Insurance, is $1,501 per year in the U.S. The costs of insuring your business against data breaches and hacking attacks vary based upon the nature and size of your business, as well as the state in which your business is located. Below, we list the average cost of cyber insurance in each state, along with the difference between the state average and the national average.
| State | Average Cost of Cyber Insurance | Difference from National Average |
|---|---|---|
| District of Columbia | $1,539.25 | 3.66% |
Besides the location of your business, a number of other factors can greatly affect the premiums that you pay for cyber insurance. Insurance companies will take into account the nature of your business, the number of sensitive employee and customer records you store, whether your business stores credit card and banking information on your customers, and the types of security defenses your company has undertaken. Additionally, if your company has a history of cyber insurance claims or if it has been attacked or hacked in the past, your premiums may be higher.
In order to get an accurate estimate on pricing, it’s best to get a quote from a reputable insurance company. Below we’ve highlighted a few of our trusted partners who offer cyber policies:
| Provider | Cyber Liability | Business Owner's Policy | Commercial Crime | General Liability |
|---|---|---|---|---|
As technology in business becomes more prevalent, data breaches, hacks, and other cyberattacks are increasing in frequency, impacting small and large businesses alike. In order to better protect your company from the financial burden of recovering and responding to a data security breach, consider Data Breach Insurance. This coverage can help provide your business with the financial support necessary to address a data breach once it has occurred, notify your customers and provide them with identity theft protection services, and ensure that your business is compliant with any related regulations or laws.