Cyber Liability and Data Breaches
Has your company suffered a data breach? Would you be aware if it had?
When hackers stole the debit and credit card data of 56 million Home Depot customers between April and September of 2014, they succeeded in officially pulling off the largest data breach of its time. Surprisingly, for most of those five months, the problem went unnoticed. Home Depot was not the only victim. That same year, cybercrime cost retail stores across the United States an average of $8.6 million apiece, more than double the damages of the previous year. The magnitude alone brings new meaning to the concept.
Data breaches play a common role in today’s technological world. Cloud storage and a proliferation of mobile devices have rendered all business entities vulnerable. As hackers become increasingly adept at infiltrating corporate databases, any company, regardless of size, could be next on their list. Would you be prepared?
The Bottom Line
A data breach will cost a company in many, many ways. In addition to fines and penalties that can go as high as $1 million or more, it will face such additional expenses as third-party forensic examination fees, legal defense and notification expenses, to say nothing of the cost of repairing its damaged reputation.
Letting the Public Know
As of July 2014, a full 47 of the 50 United States had either passed, amended or proposed new laws concerning data breach notifications, making any company that has suffered a data breach legally responsible for informing each affected individual. Different states do vary in their opinion of what does and does not constitute a data breach. While some have broadened the definition of personal data, others have expanded the scope of their notification requirements. Nevertheless, despite any discrepancies, all hold firm to one belief: Any company that suffers a data breach has, in the end, a legal responsibility to right the wrong with each injured party. Such attempts at rectification come at a cost that can’t help but adversely affect the bottom line.
Cyber Liability Insurance
Although it’s been available for several years, many information technology security experts appear unaware that cyber liability insurance coverage, or CLIC, even exists. This is particularly surprising in view of the fact that most business entities think nothing of carrying insurance against theft, fire and flood. In a modern technological world, however, many are coming to understand the importance of making cyber liability insurance a standard component of their overall risk mitigation strategy.
A careful determination of the areas in which an attack is most likely to occur will enable you to tailor your coverage according to need. Although particulars can vary from one policy to the next, cyber insurance policies commonly encompass:
- Electronic media or communications liability. This will protect a company against any potential claims pertaining to the computerized gathering and communication of information.
- First-party protection. In addition to cyber-related theft and fraud, this coverage serves as a bulwark against extortion, forensic investigation, business interruption and restoration of data loss.
- Third-party protection. This includes privacy and media liability, crisis management, credit monitoring and regulatory responses as well as coverage of any associated litigation and notification costs.
- Interruption expense coverage. Any loss of revenue due to computer and database downtime will fall under this heading.
- Loss of digital assets. All electronically stored files and emails will benefit from this protection.
Most such policies also cover cyber extortion and cyber terrorism.
Through proactive security measures, it is often possible to lower or limit your risk. This includes taking the steps needed to:
- Enforce the use of strong passwords.
- Eliminate weak permissions.
- Encrypt all on and off site data.
- Employ a strategy of failure analysis to identify and subsequently protect every vulnerable area.
Intelligent risk management includes not only planning for the worst that could happen but also having a means at the ready to cover all associated costs in the event of disaster. Despite the most stringent security measures, no company can ever be sure of having permanently sidestepped a data breach. The purchase of cyber insurance coverage will provide a vital measure of needed security and peace of mind. The company that fails to do this today could find itself in deep financial trouble tomorrow.