Every week seems to bring another news report of yet another data breach. Large companies – with troves of credit card numbers – are consistently popular targets, along with (as we’ve learned) the federal government’s database of employee social security numbers, and databases that contain information more embarrassing than financially sensitive (see: Sony and Ashley Madison). Health care entities are also being targeted more frequently, as their databases contain both personal and financial information ripe for identity theft and fraud. Meanwhile, more and more business operations are moving online. Clearly, the solution to data breaches is not going to be a return to the days of paper.
We’ll leave the technical issues to the coding geniuses who are trying to defend us against the hackers, but there is one protection businesses can adopt now, no coding knowledge necessary: cyber liability insurance. This relatively new insurance product is intended to provide coverage for losses resulting from data breaches. As with all insurance products, the details vary widely. The policies generally cover a variety of expenses arising from data breaches, such as notification costs, credit monitoring, costs to defend claims, and fines. However, some policies may only cover losses arising from negligence or unintentional breaches, but not breaches caused by the intentional misconduct of employees or criminal acts.
The process of getting a cyber insurance policy will usually require the insured to evaluate its current online security measures and, if necessary, adopt additional protections – a useful exercise with or without the insurance.
Businesses engaged in electronic activities, such as online sales or data collection, would be wise to talk to their insurance brokers about the cyber policy options available to them. There are also (unsurprisingly) a growing number of companies dedicated entirely to cyber security consulting, who can provide more comprehensive counseling in all matters cyber.