Cyber Liability / Data Breach Insurance
Do I need cyber liability insurance?
If you handle or store private business, customer, patient, or employee data, you are at risk for a data breach and should have cyber liability coverage. It is your company’s duty to protect the data and financial information of your customers and employees. The following businesses are at a higher risk for a data breach due to the quantity and type of sensitive information they may handle and store:
36% of all targeted attacks (58 per day) were directed at businesses with 250 or fewer employees. (Symantec, June 2012)
44% of small businesses report that their business had been struck by a cyber attack. (National Small Business Association, Sep 2013)
- Healthcare practices including dental offices
- Law offices
- Accounting offices
- Financial services
The Facts: A doctor's practice sustains a network security breach. The attackers steals patient records including financial information and health benefits account data. Data is re-sold to individuals who use benefits information to fraudulently obtain medical services. Legitimate patients sue seeking compensation for emotional distress in addition to other consequential damages. The legitimate patients' health insurance carriers sue the doctor's practice to recover reimbursements made for fraudulently obtained health services.
The Bottom Line: Defense costs totaled $300,000 and $500,000 to reimburse the health insurance carriers. The direct cost per breached record was about $67.
Does my business insurance policy cover data breaches?
The standard business insurance policy covers tangible assets such as office furniture and equipment. Since electronic data is not considered tangible, it is generally not covered under a normal business policy. The solution is to purchase a cyber liability policy for your business.
What constitutes a data breach?
A data breach is the loss, theft, accidental release or accidental publication of Personally Identifiable Information (PII) and Protected Health Information (PHI) including:
Social security number
- Bank account number
- Credit or debit card numbers
- Driver’s license number
- Email address
- Patient history and medications
It can occur through hacking, theft or release due to unauthorized access, stolen or lost electronic files, stolen or lost laptop, smartphone, tablet, or computer disks, stolen credit card information, employee error or oversight. The most common cause for a data breach is negligence.
Read about the biggest data breaches in history >>
What is covered by a cyber liability policy?
- Network Security and Privacy Liability
- This covers third party claims arising out of a breach of your Network Security or other private information.
- Example: A patient sues you because their information was compromised and stolen due to a data breach within your dental practice.
- Privacy Breach Response
- This covers first party legal, public relations, advertising, IT forensic, call center, credit monitoring, identity theft restoration and postage expenses incurred by you in response to a privacy breach.
- Example: Since you have had a data breach, you are now legally required to notify all affected individuals via first class postal mail and to potentially provide credit monitoring for all affected individuals. The average cost to notify affected individuals is $20 per record.
- Network Asset Protection / Network Restoration
- This covers expenses to recover and/or replace data that is compromised, damaged, lost, erased or corrupted.
- Example: You have to restore your client records after a virus attacked your network and corrupted all of your files.
- Regulatory Defense and Penalties
- This covers defense costs and potentially fines/penalties for violations of privacy regulations.
- Example: You have to appear at and pay penalties for a Privacy Regulation Proceeding alleging a violation of any Security Breach Notice Law (HIPPA).
- Cyber Extortion
- This will pay extortion expenses and extortion monies as a direct result of a credible cyber extortion threat.
- Example: A hacker gains access to your network and withholds your data from you unless you pay X amount of dollars to the hacker.