Privacy & Security Liability Insurance
What kinds of companies should be concerned about the loss of personal information?
Any company that retains this information should be concerned. And it’s not just companies that do business electronically. Companies that have paper files containing personal information are subject to breaches, as well.
Small business owners often think that their risk of a security breach is small and don’t believe that they will be targeted, but it can be faster and simpler for a hacker to access personal information from a small business than it would be to crack the system of a corporate giant with several layers of security.
A Wall Street Journal article cited examples of small business owners who never thought they would be targeted but were crippled by cyber attacks. In one example, a Chicago area magazine shop owner found software on his cash registers that was sending credit card information to Russia. In another case, a Kansas car dealership found that a hacker had added nine employees to its payroll through its bank account and transferred $63,000 to them.
As a result of the risks, businesses of all sizes need to financially protect themselves against a claim. Lawsuits resulting from breaches can come from vendors, employees, business associates and other third parties. And it’s not just the company that is at risk; directors and officers have a duty to make sure that systems are in place to make sure a breach doesn’t happen, and, if it does, they could be held responsible as well.
How can privacy and security liability insurance help protect a company if a breach occurs?
Privacy and security liability insurance provides coverage for the theft or loss of personal information and for the alteration, corruption, destruction, deletion or damage of data assets. It also provides protection for security-related events and gives a company a layer of protection above and beyond its IT systems and internal management control.
Not having coverage can prove costly in the event of a breach, if a laptop containing personal information is stolen, or a company’s electronic backup of paper records is hacked.
The average cost of a data breach is $210 per lost customer record; if your company stores 20,000 customer records, that could mean a possible loss of $4.2 million. Business leaders need to consider whether that is a hit that their business can afford to take.
What should a business owner look for in privacy and security liability coverage?
If you buy privacy and security coverage, make sure you have protection within your policy for regulatory defense and penalties that could be imposed as a result of a breach at your company.
Also consider including crisis management and public relations coverage. If your company experiences a breach and personal information is accessed, that can create a big hit to your reputation. Once customers are aware of the breach, they may no longer feel comfortable turning over personal information to your business. Public relations coverage can help you repair your reputation and create a campaign to let the public know that you are still a good company to have as a business partner.
Some carriers may not provide certain types of coverages, so with the help of an outside adviser, identify those that have broader protections for your business. That would include crisis management, network business interruption insurance, cyber extortion and event management, all coming together under one policy.