What is data breach insurance?

Data breach insurance, sometimes called cyber liability insurance, covers businesses that handle sensitive data against the risk of being hacked. Most financial services businesses have computer systems that store private customer information. This might include personal identification, financial, or payment information, or social security numbers. Insurance ensures that you are covered in the event of a data breach, denial of service attacks, virus, or even if a laptop containing sensitive information is lost. These damages are commonly excluded under commercial general liability policies. This makes data breach insurance a good choice if your business stores sensitive customer data.

Financial professionals frequently store tax or bank account information. Your servers could be attacked by a virus that steals the bank information of several customers. These customers could file suit against your company for violation of privacy. Data breach insurance covers legal fees and fines associated with cyberattacks. This insurance will also cover fees for public relations costs to repair your company’s reputation, as well as the cost of technical assistance to investigate a hack.

Cyberattacks may also stop your business operations for a period of time, causing you to lose money. If you store sensitive customer information, having data breach insurance is a wise investment that will provide financial protection in the event of a cyberattack.

Who needs data breach insurance?

Financial services professionals who store personally identifying customer information may need data breach insurance if they collect any of the following information:

• Credit card numbers, or other bank or payment information
• Personal information such as names, email addresses, phone numbers, addresses, social security numbers, or driver’s license numbers
• Health and medical information
• Trade secrets or patent applications belonging to your clients

What does data breach insurance cover?

Data breach insurance covers financial losses from data breaches, hacking, viruses, denial of service attacks, and other similar cyber events. In financial services, coverage form these types of events is particularly important, as much of the data you work with is sensitive and confidential in nature.

There are two flavors of data breach insurance, first-party and third-party:

• First-party data breach insurance protects your company when you incur expenses from a data breach to your own network or when your company is hacked.
• Third-party data breach insurance provides protection when a customer, vendor, partner, or other party sues you for allowing a data breach to happen.

First-Party Coverage

As a financial services provider, protecting sensitive data is part and parcel of your business. In the unfortunate event of a data breach or hack, first-party coverage will protect your business from the financial losses incurred from:

• Loss or Damage to Electronic Data – First-party coverage will reimburse your company for the costs to restore or recover lost or damaged data as a result of a data breach or cyberattack, as well as the costs to hire consultants to help you restore or repair your data. This usually does not cover data loss due to mistakes made by your business or your employees. For example, if your employee accidentally deletes your critical business data, it would not be covered.
• Business Interruption – If the loss or destruction of data leads to a disruption in your ability to do business, this coverage can pay for the loss of income your business experiences. For example, your business is hacked, and data critical for your sales team to sell on a daily basis is destroyed. Note, however, that this coverage only applies to lost profits that are directly a cause of the cyberattack. If your sales decline due to a hit to your reputation from the data breach or cyberattack, these declines will not be covered, as they are not directly caused by the breach or attack.
• Cyber Extortion – If your business is threatened with damage to your computer systems or networks unless you pay a ransom, data breach insurance can protect you. For example, a hacker may gain access to your computer network and threaten to delete all your data unless you pay them money. This insurance can provide coverage for the money you spend to respond to the extortion demand, as well as any ransom you pay.
• Customer Notification – Many states require businesses to notify affected customers or employees if personally identifying information is involved in a data breach.
• Credit Monitoring – Providing credit monitoring services to those affected by the data breach. Although most states do not require providing credit monitoring services after a data breach, it can be a helpful tool to aid your public relations efforts.
• Legal/Consulting Fees – Hiring technical consultants or lawyers to find out whether a breach happened, the extent of the breach, and any regulatory compliance necessary.
• Reputation Management – Advertising and public relations costs to educate customers or other affected parties about the breach and help to fix your company’s reputation.

Third-Party Coverage

In the event of a loss or breach of data that a customer has entrusted in your safekeeping, your business may be embroiled in client lawsuits. Third-party coverage protects against lawsuits filed by clients or others against your business as a result of a breach of their security or privacy. These lawsuits can accuse your business of failing to adequately protect data you possess that belongs to customers, employees, vendors, or others.

Some of the claims that third-party liability may cover include:

• Legal Fees – Lawsuits, judgments, and settlements against your business that arise from a data breach. Legal and attorney’s fees to defend against lawsuits for data breaches. Data breach policies generally have “shrinking limits” of insurance, which means that any legal defense costs reduce the limits of insurance.
• Network Security Claims – Network security claims resulting from a data breach, or the inability of others to access data you store. This can include viruses and malware, denial of service attacks, or unauthorized access by a hacker or rogue employee. It can also cover your business if you have trade secrets or patent applications for clients that are exposed in a hack or data breach.
• Network Privacy Claims – Privacy claims alleging you were negligent in failing to protect sensitive data of others stored on your company’s network and systems. In addition to hacks and viruses, privacy breaches can include a breach of a physical record, such as files tossed into a dumpster. It can also include human error such as a lost laptop or sending a file full of customer account data to the wrong email address. Privacy claims can also include the wrongful collection of personal information.
• Employee Privacy Claims – Employee privacy liability if sensitive data about your employees is stolen from your company systems.
• Regulatory Fees – Fines, penalties, and costs to respond to regulatory inquiries. Costs you owe to banks to reissue credit cards are also covered.

Third-party liability insurance is generally written on a claims-made basis, which means coverage is only available if the claim is submitted while the insurance policy is active. Most general liability policies are written on an occurrence basis, which covers claims submitted after the policy ends if the event causing the claim occurred while the insurance was active.

What doesn’t data breach insurance cover?

Data breach insurance is primarily designed to protect your business from cyberattacks. However, there are some exclusions to the coverage from this insurance. These include:

• Damage to your business reputation as a result of a data breach.
• Costs to fortify and improve your internal technology systems.
• Lost future sales because customers avoid your business after a breach.
• Loss of intellectual property owned by your business.
• Damage to your business caused by your own or your employee’s actions. For example, you install new software that causes your network to go down for several days.

How much does data breach insurance cost?

The average cost of cyber insurance is $1,485 per year in the U.S. The costs of insuring your business against data breaches and hacking attacks varies based upon the nature and size of your business, as well as the state in which your business is located. Below, we list the average cost of cyber insurance in each state, along with the difference between the state average and the national average.

State	Average Cost of Cyber Insurance	Difference from National Average
Alaska	$1,532.89	3.23%
Alabama	$1,539.40	3.67%
Arkansas	$1,646.50	10.88%
Arizona	$1,581.50	6.50%
California	$1,430.18	-3.69%
Colorado	$1,521.67	2.47%
Connecticut	$1,593.62	7.32%
District of Columbia	$1,539.25	3.66%
Delaware	$1,446.47	-2.59%
Florida	$1,529.82	3.02%
Georgia	$1,450.54	-2.32%
Hawaii	$1,519.46	2.32%
Iowa	$1,505.73	1.40%
Idaho	$1,483.70	-0.08%
Illinois	$1,434.59	-3.39%
Indiana	$1,484.06	-0.06%
Kansas	$1,501.38	1.11%
Kentucky	$1,587.10	6.88%
Louisiana	$1,623.94	9.36%
Massachusetts	$1,380.59	-7.03%
Maryland	$1,471.18	-0.93%
Maine	$1,467.39	-1.18%
Michigan	$1,339.33	-9.81%
Minnesota	$1,708.11	15.03%
Missouri	$1,509.00	1.62%
Mississippi	$1,472.55	-0.84%
Montana	$1,478.29	-0.45%
North Carolina	$1,421.49	-4.27%
North Dakota	$1,464.42	-1.38%
Nebraska	$1,485.64	0.05%
New Hampshire	$1,431.99	-3.57%
New Jersey	$1,615.25	8.77%
New Mexico	$1,355.36	-8.73%
Nevada	$1,507.55	1.52%
New York	$1,616.70	8.87%
Ohio	$1,553.68	4.63%
Oklahoma	$1,513.03	1.89%
Oregon	$1,462.50	-1.51%
Pennsylvania	$1,466.49	-1.24%
Rhode Island	$1,541.58	3.81%
South Carolina	$1,398.83	-5.80%
South Dakota	$1,489.45	0.30%
Tennessee	$1,500.20	1.03%
Texas	$1,459.22	-1.73%
Utah	$1,515.10	2.03%
Virginia	$1,467.83	-1.15%
Vermont	$1,457.70	-1.83%
Washington	$1,449.80	-2.37%
Wisconsin	$1,523.03	2.56%
West Virginia	$1,629.64	9.74%
Wyoming	$1,426.89	-3.91%

Besides the location of your business, a number of other factors can greatly affect the premiums that you pay for cyber insurance. Insurance companies will take into account the nature of your business, the number of sensitive employee and customer records you store, whether your business stores credit card and banking information on your customers, and the types of security defenses your company has undertaken. Additionally, if your company has a history of cyber insurance claims or if it has been attacked or hacked in the past, your premiums may be higher.