As a follow up to the previous blog post about who is responsible for a data breach, this post will cover a second misconception about mitigating the cost of a breach.
Misconception #2: “Our current insurance program will help us pay for and recover from the data breach.”
The reality: This could be true, but it all depends on which insurance policies a company has in place at the time of loss. In recent cyber breach cases, attorneys have been struggling to find even a sliver of coverage within the various “standard” insurance policies that will help them recover. They have had some success, however that loophole is disappearing quickly. Why? Because the insurance industry never intended for the General Liability, Property, Directors & Officers Liability or other policies to cover data and cyber threats. Now, most policies are being written with specific exclusions to remove the possibility of coverage applying to data breaches.
The good news is this: The insurance industry has created a solution designed specifically for data breaches. Specialty Cyber/Data Liability policies are available and will cover most of the costs of a data breach. Costs for forensic investigation, legal, crisis communications, notification, and credit monitoring are included in a Cyber/Data Liability policy. Beyond that, the policy can also help defend companies against lawsuits from affected individuals, regulatory investigations, Payment Card Industry (PCI) fines and penalties and more. It’s important to note that certain items are generally not insurable because they are very difficult to quantify or put a value on, such as reputational damage or loss in value from stock price declines.
One more thing to keep in mind— Each insurer writes these policies in their own way – and the quality of the offering varies dramatically. Think of it like buying a new car. Some have features that help you avoid accidents like back up cameras or warning signals and others protect what you have in the car with alarms. Still others are outfitted with devices to help you get your car back if it is stolen. The same is true of Cyber/Data Liability policies. The policies offered differ in terms of basic coverages as well as the loss prevention and breach response services provided. Not sure what exactly your company needs? That’s where your broker comes in. Their job is to negotiate the best policy that fits your company’s needs and your bottom line.
To make sure your organization is prepared for a data breach, stream the seminar, “Avoiding a Data Breach Nightmare” by clicking below.