Imagine your business suffered a data breach. It might not end up being an Equifax-scale media and legal meltdown, but without insurance it could put you out of business.
Even if you’re a startup, the cybersecurity risks are real. In fact, you have a higher chance of experiencing a breach. According to Verizon, small businesses account for 58 percent of data breach victims.
If you happen to be part of this stat, a data breach can run you somewhere between $150-250 per customer.
To mitigate this risk, insurance companies have developed cyber insurance coverage, but it’s still relatively new. As a business owner, this means there big variations between policies they aren’t necessarily tailored to your needs.
To help you navigate, here are 8 questions you should be able to answer before you shop for a data breach policy.
1. What is data breach insurance?
Data breach insurance is a wide-ranging policy covering any potential costs of a data security breach that could hit your business.
It is a category within the broader coverage of cyber insurance. You take out a cyber insurance policy and as part of this, you get coverage if sensitive data is compromised.
Cyber insurance covers two main types of losses: first party and third party.
First party
First party losses are costs that you will have to pay out in the event that you are hacked. It is protection from these losses that people tend to refer to as data breach insurance.
These first party costs can include:
Immediate business costs – Loss or restoration assets on your network, intellectual property, trade secrets and business interruption expenses
Client notification – Informing the people affected about what has happened; This Is a legal requirement in most states.
Credit monitoring – This enables you to offer personal credit monitoring to those whose data may have been stolen in a data breach.
Public relations – Cost of retaining public relations consultants to help mitigate reputation damage arising from the data breach.
Cyber extortion – If there is extortion associated with the data breach, such as a ransomware attack where you are required to pay to gain access to your data.
Compliance assistance – Making sure laws and regulations are followed in the event of a data breach, to avoid fines or even a lawsuit.
Data breach analysis – Consulting and forensic fees to identify and resolve the cause of a data breach
Third party
Third party costs would be to cover you if someone brings a lawsuit against you for the data breach.
Reasons for claims against your business could include any of the following: invasion of privacy, emotional distress, and any losses sustained by your clients.
2. What counts as a data breach?
A data breach is when your company’s network is accessed and a third party gains access to your customers’ personal information, such as Social Security or credit card numbers.
It could also include the destruction of your company’s data, shutting down your network so you can’t do business, or accessing patents or trade secrets.
Cover should also kick in should a data breach occur without someone hacking your network. (e.g. accessing a company computer that was lost by an employee)
Offline data breaches would also count, such as if confidential records were not disposed of in a secure way.
3. What data do I have?
Before you buy data insurance make sure you know the amount and types of client data you have.
For a lot of startups, the most common data type is customer credit card information. In this case, the main concern would be customer credit card information being compromised.
Evaluate the type of information that you have in your database to determine the limit of insurance you should be considering.
Your insurance limit should reflect the amount of personal identifiable information that you have for each person in your data base.
Contact us for the best prices on cyber insurance now:
4. How much coverage will I need?
In a perfect scenario, you would have liability coverage that protects you for the estimated cost of a data breach.
It’s important to evaluate the type of information that you have in your data base to determine the limit of insurance you should be considering.
Your insurance limit should reflect the amount of personal identifiable information that you have for each person in your data base.
A standard coverage limit will be in the range of $1 million to $3 million depending on the size of your business.
Of course, these can go higher if the nature of your business data requires greater coverage amounts.
An insurance agent with experience in cyber and data breach insurance will be able to help you determine an appropriate level.
5. What security measures should you have in place?
When buying insurance to cover a data breach your insurer may want to know about your current security set up. This could include details about your anti-virus and firewall set-up.
This isn’t as much of a requirement as before, but even if you don’t have to provide it, you’ll want to make sure you have key safeguards in place.
As with any other type of insurance, the information you provide when setting up the policy needs to be accurate. If you incorrectly state that you have security measures in place and then suffer a breach, your claim may not be paid.
6. What else will the policy cover?
Cyber insurance will cover more than just data breaches. However, details of policies can vary significantly. Generally, policies will cover a data breach where client data is compromised or business interruption if a breach occurs with your own data (e.g. through ransomware).
Businesses can extend coverage to first party (ie your company’s) costs from the result of social engineering scams (e.g. phishing).
7. Do any other insurance types cover this?
Data breaches are unlikely to be covered by other forms of insurance you have. A traditional errors and omissions or general liability policy would not afford coverage for cyber losses.
These losses are generally only included as an add-on with higher premiums. If you have not specifically requested this kind of add-on, you would need a separate cyber policy.
With increasing threats from malware, ransomware, and phishing, policies that aren’t specifically tailored for cyber coverage probably won’t be sufficient in terms of both scope and coverage limit.
8. How much does it cost?
Despite the high potential costs of a data breach, getting coverage doesn’t have to be expensive.
A general starting range for small and medium-sized businesses would be $650 – $1,000.
Cover is here to find you the right insurance to help grow your business. To find out more about the cyber and data breach policies we offer click here to reach to contact a Cover agent.
