What is Data Breach Insurance?

Learn about data breach insurance, why it's important, how it works, and what to look for in a policy in the latest Data Protection 101, our series on the fundamentals of information security.

Data breaches affect companies of all sizes across every industry. With the high cost of a data breach, having a data breach insurance may prove to be a smart decision. In this article, we’ll discuss what data breach insurance is, how it differs from cyber insurance, and a few tips on getting the best data breach insurance policy for your business.

Definition of Data Breach Insurance

Data breach insurance is a form of insurance designed to protect companies against damages caused by a data breach. As data breach insurance and cyber insurance have overlapping applications, the two terms are often interchanged. But you shouldn’t confuse the two as they are not precisely the same thing.

Cyber insurance will cover most damages caused by cybersecurity events. A data breach is one of those events. Thus, data breach insurance can be described as cyber insurance that’s specifically meant for data breaches.

What is a Data Breach?

According to TechTarget, a data breach is “a confirmed incident in which sensitive, confidential or otherwise protected data has been accessed and/or disclosed in an unauthorized fashion.” A data breach may involve personal details (like social security details or credit card numbers), government intelligence, trade secrets, and corporate information.

When people talk about data breaches, usually the first thing that comes to mind is hacking. But data breaches are not only the work of hackers. Malicious insiders, malware and ransomware, poor employee habits, or a malfunction in the cybersecurity system can also cause them.

Data breaches are incredibly costly, causing enough financial harm that 60% of small businesses close permanently within six months of suffering a breach.

Why is Data Breach Insurance Important?

In a nutshell, data breaches can be costly. NetDiligence’s 2015 Cyber Claims Study puts the average cost of a lost record at $964.31. Moreover, in 2019, the average cost of a single data breach spans everywhere from $1.25 million to $8.19 million on average, depending on the country and industry. The ransom demanded by hackers for stolen data, fines and other penalties imposed by regulatory agencies, and the adverse effects of a data breach to your company’s reputation all add to the overall cost of a data breach. In such situations, having a data breach insurance can cover some or all the expenses, help your company resolve the case, and mitigate the losses.

How Does Data Breach Insurance Work?

Data breach insurance policies vary, but most of them will have first-party and third-party coverages. Let’s differentiate the two types of coverage:

• First-party coverage: First-party coverage directly applies to the company that bought the insurance. First-party data breach insurance usually covers the cost of forensic investigation, fines and other penalties because of lost data, monetary loss, hardware and software damages, and the cost of notifying affected customers.
• Third-party coverage: Third-party coverage deals with affected parties outside the insured company. Under this coverage are legal expenses, damages, settlements, and claims by customers or individuals affected by a data breach.

Whether to get first-party or third-party insurance depends on your company’s situation. If your company stores customers’ data in your network, first-party coverage will always be a significant investment. It can provide the funds for notifying customers, pay for credit monitoring services, and/or pay for fines. Now, if your company is vulnerable to lawsuits that could be triggered by a data breach, then you should consider getting third-party insurance coverage, as well.

What to Look for in a Data Breach Insurance Policy

Once your company decides to get data breach insurance, it’s time to shop for the right policy. Consider the following factors:

• Know the coverage your company needs. Know that a data breach isn’t only about financial risks. Your company may have to report to the government and notify affected customers. Your security system has to be updated. All these activities come with a cost, and the support provided by a data breach will be of big help.
• Make sure the policy is clearly worded. Know not only the specific coverage offered in what circumstances, but also the covered incidents. For instance, if the policy doesn’t mention “hacking,” but the data breach happened by hacking, your company could run into problems during a claim.
• Review the policy with the company and current laws in mind. This has become more critical, especially with new legislation and regulations cropping up, not to mention the stiff fines and penalties that can result from non-compliance with regulations like GDPR or the California Consumer Privacy Act, among others. Reviewing data breach insurance policies and evaluating coverage options with applicable regulations in mind will help to ensure that you get the right policy.

Choosing a data breach insurance policy is a serious matter. While the insurance can’t prevent a data breach from happening in the first place, it can help your company mitigate the negative consequences.