Learn about what a data breach insurance policy is, what one covers, and whether one may be right for your organization, in this week's Data Protection 101.
With cyber threats constantly on the rise, coupled with the skyrocketing cost of data breaches, it’s no surprise that more enterprises are considering data breach insurance. But what is data breach insurance, or cyber security insurance, and is it right for your organization?
Definition of Data Breach Insurance
Data breach insurance is a type of monetary coverage purchased by organizations to protect financial interests in the event of data loss. Data breaches occur for a number of reasons, including hacking and poor cybersecurity procedures. The types of data stored by organizations can vary from simple, non-critical details to sensitive government intel.
A cyber security insurance policy covers potential losses in the event of a cyber-related incident. Data breach coverage is a type of cyber security insurance (also known as cyber liability coverage) meant specifically for situations in which data is lost or stolen.
Cyber Security Insurance vs. Data Breach Insurance
In many cases, the insurance policies you find may include more than one type of data breach coverage. Depending on the depth of the policy, coverage may also include network problems and cyber business loss. Some policies will cover intellectual property associated with an organization. However, in most cyber-related insurance policies, there are provisions for data breaches. Other than the extent of coverage, the terms are often interchangeable.
Types of Data Breach Insurance Coverage
As with other insurance policies, data breach coverage can have first and third-party provisions. First-party meaning coverages pertaining to the insured organization itself, and third-party meaning coverages for affected parties outside of the organization. An example of this would be car insurance. If you have liability-only coverage, it covers individuals and vehicles in the event an accident was your fault. Full-coverage insurance would cover both the insured (you) and other individuals involved.
Examples of first-party data breach insurance provisions include:
- Data breach investigation costs
- Hardware and software damage costs
- Fines incurred by lost data
- Lost Revenue
Examples of third-party data breach insurance provisions include:
- Lawsuits from individuals due to data loss
- Fees incurred for aiding individuals in the event of data loss
The History of Data Breaches
Is Data Breach or Cyber Security Insurance Right for You?
If your organization or business stores private information of any type, insurance should be considered. Whether or not to purchase a policy is a matter of deep consideration depending on a range of factors. While there are more than a few items to consider, here are three to start:
- Location(s): If your company is located in or does business in the E.U., you’ve undoubtedly been affected by GDPR. In the U.S., there are a number of legalities when it comes to data breaches (both on the federal and state levels). These laws and regulations result in policies across the globe that differ from nation to nation.
- Data Collected: A website that collects email addresses is going to have different needs than a subcontractor who takes on extensive data from other companies. The amount of data you collect, the amount of time you keep it, and the extent to which you use collected data are all factors in the decision to purchase data breach insurance.
- Other Protections in Place: No matter how prepared a company is, breaches happen. However, if all proper precautions are taken, it could affect the cost of a policy and other factors. Having stringent cyber security measures in place is always preferred, and it could mean fewer issues in the event of a breach. Easier identification and future prevention can alleviate the need for certain coverages.
What to Look for in a Data Breach or Cybersecurity Insurance Policy
If you’ve determined that a data breach or cyber policy is necessary for your organization, there are other considerations to weigh before choosing an insurance provider. While there are often many “small print” details, it’s important to take your time. Here are three important factors to look for when choosing a policy.
Do You Need More Than Financial Coverage?
The insurance industry exists largely to cover the financial risk of those insured. However, there are other problems that come with a data breach. It takes time and effort to perform all of the legal duties that come along with data loss.
Part of the “to-do” list of a company when a data breach occurs includes:
- Reporting to the governments
- Notifying individuals affected
- Finding the vulnerability
- Updating your cyber security
Cyber security insurance can (but doesn’t always) offer assistance for these liabilities.
Pay Special Attention to Wording
What you would like to see in your policy needs to be clearly expressed in writing. Not only the types of coverage, but the types of incidents that are covered should be clearly worded. There is no shortage of hostilities online, and a clear policy will help you if you will need to use it. As a simple example, if your policy doesn’t mention “hacking” and data loss comes via a hack — it could cause problems when it is time to make a claim.
Stay Up-to-Date on Policies (and Terms)
There are many pieces of cyber-related legislation that have recently become law and more in the works. Increased laws mean changes in procedures and insurance policies. Even after you choose great coverage, the landscape can change in a number of ways. Reviewing your policy, company needs, and current laws regularly are all needed. Doing so ensures that you have the right data breach insurance if an unfortunate cyber security incident should occur.
Data breaches are always on the rise, and security threats affect businesses of all sizes. With the cost of a data breach reaching unprecedented proportions, data breach or cybersecurity insurance is becoming not just a smart investment for businesses, but an essential one.