By Irena Ducic, Growth Marketer, Embroker
Every company that stores and handles sensitive customer, partner, or vendor information has the responsibility to protect that data from a variety of potential attackers. If this data is stolen or its privacy compromised in any way, the company can be held liable for such incidents.
These types of claims can potentially cost your company a lot of money, not just in settlements or damages, but also in legal fees and the recovery process. According to a report by IBM, the average cost of a data breach in 2020 was a frightening $3.86 million.
Given that 2020 brought with it an increase in remote working and online business communication as a response to the global pandemic, companies had to leverage the benefits of technology and the Internet to conduct their operations successfully. Almost 50% of businesses now use the cloud as a preferred storage option for storing classified information, and even though many do properly invest resources towards cybersecurity, there is no such thing as absolute protection from potential hackers.
Cybercrime is constantly on the rise, with predictions estimating that a business will fall victim to a ransomware attack every 11 seconds over the course of 2021. Since most data breaches are linked to human error, it’s important to make sure your employees receive the necessary training to recognize and report a cyberattack.
But beyond investing in cybersecurity experts and staff education, transferring some of this risk to a third party via insurance is another very important step in your company’s efforts towards managing cybersecurity risks and the many unfortunate outcomes that can arise from them, a common one being privacy liability claims.
The Dangers of Privacy Liability Claims
A data breach incident seldom affects just the breached company. Depending on the extent of the attack, it can end up affecting a significant number of other victims. The process of discovering a data breach and recovering from it is often long and daunting and it can cause severe financial losses to the breached party and everyone else affected by the incident.
Let’s suppose that your company suffers a data breach that extends to your clients’ records. The affected clients can decide to sue your business for breaching their privacy, which will lead to a host of expensive legal fees, potential compensation, or settlement money, as well as having to pay experts to investigate the scope of the incident and contain the damage.
Breach of privacy claims get a lot of public attention, especially long-lasting and expensive lawsuits. Even if you are a small business, the data breach could become public knowledge quickly and potentially cause severe damage to your company’s reputation. All things considered, data breaches often come at a staggering price.
This is why, once again, you should strongly consider transferring some risk to an insurance carrier by purchasing an adequate cyber insurance policy to protect your assets.
What Is Cyber Insurance?
Cyber liability insurance protects businesses from the consequences of cybercrime, including cyberattacks, phishing attempts, and data breaches. It not only covers the costs of potential legal fees in the case of third-party claims against your company but also pays for additional expenses related to the cyberattack or data breach. A comprehensive cyber insurance policy could extend to provide you with the resources needed to investigate the extent of the incident and design a robust cybersecurity policy that would help prevent future attacks.
A cyber insurance policy can be split into two types of coverage: first-party and third-party. First-party coverage is designed to protect your company by covering all your losses stemming from a data breach, whereas the third-party policy covers the costs of the other affected parties, such as your clients, partners, or vendors.
Let’s have a look at what costs a comprehensive cyber insurance policy should cover:
- Notification costs: When a company becomes a victim of a data breach, it has the responsibility to notify everyone affected. Depending on the company’s size and the extent of the breach, this could mean a substantial amount of money.
- Computer forensics costs: Your chosen cyber insurance policy should not only cover all the expenses related to the attack but also help you hire experts who would look into its origin and cause and help you minimize future exposure by implementing better security protocols.
- Credit monitoring costs: Simply put, your insurance policy pays for all the victims’ insurance policies. State regulators require this, and they usually ask for extensive protection.
- Legal costs and civil damages: A single data breach can affect hundreds or even thousands of victims, which can result in a huge number of class action claims. These payouts are often costly and it helps to have your insurance cover legal expenses, potential settlements, or awarded damages.
Specific Privacy Coverages
Your customers entrust you with their personal information and expect you to protect it from any unauthorized exposure. If attackers access this data, they breach your clients’ privacy. That usually results in class action claims against your company, which, as mentioned, could cost you a fortune. Most insurance experts recommend that businesses add specific data breach coverage to their cyber insurance policy to cover the following:
- Data loss and recovery: Discovering a breach and recovering from it is a lengthy process that also requires significant funds, so it’s good to have your insurance kick in and take care of it for you.
- Business interruption and related loss of revenue: It takes months to recover from a serious data breach and that could bankrupt your business if you aren’t making any money in the meantime. Your insurance policy would cover lost business income while your business gets back on its feet.
- Extortion attempts: The attackers could ask for ransom money in order to return your data or not leak it to the public. It would be best to let your insurer handle this situation for you and decide if the payment should be made.
- Public relations costs: Privacy breaches could cause substantial reputational damage to your company. Your insurer would help you hire a team of experts to control the crisis and create a plan for containing the negative impact.
How Much Will You Have to Pay to Be Protected?
The price of your cyber insurance would depend on several key factors:
- The size of your business: The more employees you have, the greater the risk that your company falls victim to a phishing attack.
- Industry: Based on the industry you are in and the type of data you store, the insurer estimates your risk level. For example, someone in the healthcare industry faces a more severe threat of a data breach than someone in the business of manufacturing clothing.
- The amount and sensitivity of data you store: If you store sensitive personal information, health records, or payment information, you will be classified as a high-risk business.
- Strength of your security measures: The insurer appreciates and rewards businesses that implement strong security measures and have sound cybersecurity policies in place.
- Annual revenue: It is more likely that criminals would target a business that has more clients and makes more money.
On average, a cyber liability policy in the US costs medium-sized businesses about $1,500 per year. Of course, the aforementioned characteristics of your business and others, such as the state in which you operate and the terms and limits of your policy, could drastically alter the cost of a cyber policy.
Even though a cyber insurance policy does not protect you from cybercrime, it does provide financial support that could help your company survive a potentially devastating data breach. The consequences of such incidents can sink even the strongest companies should they be left unprotected and without the financial safety net that robust insurance coverage can provide.
About the Author
Irena Ducic is a Growth Marketer at Embroker, a digital insurance company reinventing how businesses ensure they can take the risks they need to grow. Irena is a philologist by education and a great admirer of language and its value to all things marketing.