Many businesses today are increasingly exposed to the threat of cyber data breaches that could put sensitive personal, financial, and health information in jeopardy.
Data breaches occur almost daily, and the resulting damage can cost organisations an average of 3.4 million euros, according to IBM’s 2016 Cost of Data Breach Study. Common causes of data breaches include: negligent release of information, stolen or misplaced laptop computers, stolen or improperly handled backup computer information, improperly disposed papers, malicious software, phishing scams, cyber extortion and disgruntled employees.
One of the ways to protect your business against damages caused by data breaches is through insurance. However, a general liability or crime insurance policy offers limited coverage because it is concerned with damage to tangible property. To guard against data breach damages, your organisation should consider cyber liability insurance.
When you are discussing important data breach and network security coverage details with your insurance broker, here are terms to become familiar with when selecting the right policy to protect your business:
The Limit of Liability is the aggregate amount that will be paid by the insurance company for defense and damages. This aggregate includes the following sub-limits: Information Security & Privacy Limit, Regulatory Defense and Penalties, Website Media Content Liability, Business Interruption, Cyber Extortion, and PCI Fines and Costs.
The Notification Limit is the number of records for which the insurance company will provide notification, call center services, and credit monitoring. This limit is separate from and in addition to the policy limit of liability aggregate. The Legal & Forensics, Crisis Management and Foreign Notification costs are aggregate limits that are part of the Notification Limit. The record count does not have a deductible, but it does have a threshold. This threshold only pertains to the notification letter, call center, and credit monitoring services. A typical threshold may be 100 records or 250 records or higher.
Information Security & Privacy Liability will pay on behalf of the insured damages and claim expenses for:
Regulatory Defense & Penalties will pay on behalf of the insured claims expenses and penalties assessed by regulatory agencies.
PCI Fines & Penalties pays for Payment Card Industry fines and costs.
Website Media Content will pay on behalf of the insured damages and claims expenses for allegations of copyright infringement and defamation arising from your website.
Cyber Extortion pays the insured for loss paid as a result of an extortion threat to protect private information.
Legal & Forensics provides the insured with a computer security expert to determine the extent and cause of a breach. It may also provide for an attorney to determine which notification laws the insured will need to comply with.
Public Relations will pay for a Public Relations Consultant to help the insured introduce the breach to the public.
Fraud Resolution provides a service to affected individuals to help restore their identity.
Enhanced coverages often include:
Data breaches are a growing concern for many organisations and there are several ways to reduce your organisation’s chances of a cyber-attack or data breach. Cyber liability insurance can be an additional measure to guard your organisation in the event that a data breach occurs. Knowing the exact details and terms of what your policy will cover can help you take a proactive approach in protecting your organisation.