Every company that stores and handles sensitive data from customers, vendors, partners, or other entities critical to the business has the responsibility to protect that data from a variety of potential hackers.
If this data is compromised in any way, the company can be held liable for these attacks.
These claims can potentially cost a company a lot of money between damages, settlements, legal fees, and the overall recovery process.
According to IBM, the average cost of a data breach in 2020 was an incredible $3.9 million. That’s enough to ruin most small businesses.
Given that 2020 brought with it more remote work and communication in response to Covid-19, companies had to rely more on technology and the internet to carry out their operations.
Nearly 50% of businesses now use the cloud as a preferred storage option for storing classified information, and even though many do properly invest resources towards cybersecurity, there is no such thing as absolute protection from potential hackers.
Cybercrime is constantly on the rise. One estimate pegs that a ransomware attack occurs at least every 11 seconds over the course of 2021. Most data breaches are related to human error, so it’s important to ensure your employees receive the necessary training to recognize and report a cyberattack.
Beyond staff education and dedicated cybersecurity experts, insurance is another important step in your company’s efforts towards managing cybersecurity risks and avoiding the left-tail outcomes that can arise from security breaches. Privacy liability claims are a big one.
How Privacy Liability Claims Can Ruin a Business
A data and information breach incident rarely impacts just the company that was attacked. Usually there are a significant number of other victims, including consumers and other businesses.
Discovering a data breach and recovering from it can take time and cause deep financial losses to the compromised party and everyone else impacted.
Say your company suffers a data breach that extends to your clients and their personal information. The affected clients can decide to sue your business for breaching their privacy.
This will lead to:
- various forms of expensive legal fees
- potential compensation or settlement money to be paid to the victims, as well as
- having to pay cybersecurity experts to investigate the scope of the incident and contain the damage
Breach of privacy claims get a lot of public attention, especially when they involve expensive lawsuits that get dragged out over months or years.
Even small businesses can see a data breach become public knowledge quickly and potentially cause damage to your company’s reputation. All things considered, data breaches are often extremely expensive.
An insurance carrier that has an adequate cyber insurance policy can help you protect your assets to help offset this risk.
What Is Cyber Liability Insurance?
Cyber liability insurance protects businesses from the ramifications of cybercrime. This includes cyberattacks, phishing attempts, and data breaches.
It covers potential legal fees but also pays for other expenses related to the cyberattack or data breach.
A comprehensive cyber insurance policy could provide the resources needed to investigate the incident more fully and design a robust cybersecurity policy that could help prevent future attacks.
A cyber liability insurance policy can be split into two types of coverage: first-party and third-party.
First-party coverage is used to protect your company from all your losses that might come from a data breach.
A third-party policy covers the costs of affected parties, such as your customers, business partners, and/or vendors.
The costs a comprehensive cyber insurance policy should cover include:
When a company has a data breach, it has the responsibility to notify everyone affected by it, along with law enforcement.
The company’s size and the extent of the security breach will be the major factors determining the overall associated cost.
Credit monitoring costs
Your insurance policy pays for all the victims’ insurance policies. State regulators mandate this and usually require robust protection.
Computer forensics costs
Your cyber insurance policy should not only cover all the expenses related to the attack itself but also help you hire cybersecurity experts that can look into the cause and scope of the incident and help companies minimize future exposure by implementing better security protocols.
Legal costs and civil damages
A single data breach can affect hundreds, thousands, or even millions of victims (e.g., Experian, T-Mobile). This can result in a massive number of class action claims.
These payouts are often expensive. It helps to have your insurance cover legal expenses, potential compensation or settlements, and/or awarded damages.
Specific Forms of Privacy Coverages
Your clients, partners, and vendors entrust you with their personal data and information and expect you to protect it from any unauthorized exposure.
If attackers access this data, clients’ privacy is compromised. That usually results in class action claims against your company, which, as mentioned above, could cost a significant amount of money.
Most insurance experts recommend that firms add specific data breach coverage to their cyber insurance policy to cover the following, if necessary:
Loss of revenue from operations disruption
It often takes months to recover from a serious data breach. Depending on the extent to which operations are disrupted, that could bankrupt your business.
Your insurance policy would help cover for lost business income while your business gets back up and running.
Data loss and follow-on recovery
Discovering a breach and recovering from it requires significant time and monetary resources. Accordingly, it’s good to have your insurance help you out in this respect by giving you the resources to hire the right experts.
There is significant reputational harm involved in a data breach. Not only are current customers likely to lose trust, it may impair your ability to keep getting new ones.
Your insurer would help you hire a team of PR experts to manage the crisis and create a plan coming back out of it. (For some companies hit hard, it can even mean rebranding.)
Cybercriminals could ask for ransom money in order to return your data or not leak it to the public. It’s a difficult decision for a business. You can make the payment and hope everything is returned and not leaked. But you can also pay and not get everything restored plus a broader leak.
It’s best for your insurer handle the extortion attempt for you and decide if the payment should be made.
How Much Does Cyber Insurance Cost?
The price of cyber insurance depends on several variables:
The size of your company
The more employees you have, the greater the risk that your company can fall victim to a security breach.
A business that has more clients and makes more revenue is likely to be more targeted by cybercriminals.
But small businesses are at high risk as well because their security measures are generally less sophisticated and sometimes even non-existent.
The industry you’re in and the type of data you store will have an impact on your estimated risk level.
For example, someone in the consumer retail industry faces a more severe threat of a data breach than someone in the business of manufacturing.
The amount, type, and overall sensitivity of data you store
If you store sensitive info like health records, personal information, or payment/credit card information, you will be considered a high-risk business.
Strength of your security measures
The insurer will reward businesses that have strong security protocols and have sound cybersecurity policies in place.
On average, a cyber liability insurance policy in the United States costs mid-sized businesses about $1,500-$2,000 per year.
Of course, there are many variables at play. The abovementioned characteristics of your business and influences such as the state in which you operate, the terms and limits of your policy, and other factors could have a big difference on the cost of a cyber insurance policy.
Even though a cyber insurance policy does not insulate you from cybercrime directly, it does provide financial support and reduce left-tail risk to help your company weather a potentially devastating privacy breach.
The fallout from such incidents can have big consequences for even the largest and strongest companies should they be left without the financial safety net that a comprehensive cyber insurance coverage can provide.