Cyber Liability and Data Breach Response Insurance
You hear a lot about data breaches in the news these days, but what about how fraud affects your business? According to the U.S. Small Business Administration (SBA), consumer identity theft costsover $220 billion each year. Educate yourself on the exposures and risks of cyber threats and how Grinnell Mutual Cyber Liability and Data Breach Response insurance can save your business and reputation.
When we think about data breaches, what comes to mind are big retailers and restaurants that do hundreds or thousands of point-of-sale transactions every week. But all businesses are exposed in some way. According to the Identity Theft Resource Center (ITRC), a 10-year average showed that the business sector accounted for 24.6 percent of all breaches — ahead of government, healthcare, and financial industry sectors.
Does your company handle anyof the following information?
- Employee or customer addresses
- Employee or customer Social Security or driver’s license numbers
- Copies of checks or credit card receipts
- W-9 forms
- Personal employee health plan records
If you have access to any of the above information, you are exposed. The exposure is not just from hackers intruding on electronic systems. Breaches are caused by lost, discarded, or stolen laptops, smartphones, and portable memory devices, to acts by disgruntled employees, to procedural errors.
A 2016 study by the Ponemon Institute put the average cost of an incident at $221 for each customer record compromised. The vast majority of that cost is attributed to lost business arising from abnormal turnover of existing or future customers. How does that cost stack up?
- A retailer with just 10 sales a day would pay $806,650 for a year’s worth of breached records.
- A single lost laptop can cost a business nearly $50,000, most of that being expenses to respond to data breached or potentially breached.
Resolving a data breach issue can involve lots of legal fees and requirements. Forty-seven states have breach notification laws, and more and more of them require a report to the state attorney general’s office. Many of the laws also include a ticking clock, so knowing ahead of time what’s required of you will save you some frantic documentation gathering when something does happen.
While data breaches are on the rise, the majority of incidents are fully preventable. Here are a few ways to reduce a chance of a data breach. For more information, the Federal Trade Commission (FTC) offers free resources for businesses of any size.
- Encrypt your devices. Over 73 percent of the 2013 breaches serviced by Beazley, Grinnell Mutual’s Cyber Liability and Data Breach response partner, involving portable devices could have been prevented if the devices were encrypted.
- Automate patch management. Staying on top of the latest available software patches and moving to automated patch management can protect against a breach.
- Enforce password complexity. Computer systems can now systematically cycle through all permutations of potential passwords. Don’t use passwords that are easy to crack. Dictionary words are capable of being deduced with an algorithm.
- Be alert to phishing. Most breaches occur because of human error, and cybercriminals use that to their advantage through techniques like phishing — posing as a legitimate company to obtain financial information. Training employees to spot a phishing is a critical step in breach preparedness.
- Double check before hitting send. Double-checking the contents of a file, email address, or mailing details is a must, especially when sending data to outside vendors.
- Keep score. An easy and proactive way to determine whether or not your business’ bottom line is being compromised is to routinely monitor your profile with all three major business credit bureaus. The Consumer Financial Protection Bureau (CFPB) recommends a credit monitoring service, which will take the guesswork out of the process.
- Protect your papers. Most business owners know to store their sensitive documents in a secure place, but it’s also important to invest in either a shredder to dispose of paperwork containing confidential information.
- Get the facts about cyber liability and data breach insurance. In this digital age, protecting your business from costly liability claims in the case of a data breach is not a should-do; it’s a must-do. We have collected common questions about cyber liability and data breaches and provided reliable answers to help you wrap your mind around this important business coverage. (Check out the FAQ section below).
Take a few minutes to learn the facts about cyber liability insurance. To make it easy, we have collected common questions about cyber liability and data breaches and provided reliable answers to help you wrap your mind around this important business coverage.
What is a data breach?
A data breach is an incident in which sensitive, protected, or confidential data has potentially been viewed, stolen, or used by an unauthorized individual. Data breaches may involve personal health information (PHI), personally identifiable information (PII), trade secrets, or intellectual property. For the purposes of the Grinnell Mutual form, this information may be electronic or physical records.
Here’s a hypothetical example of something that might be covered in a retail setting: An employee at Must-Have Mainstreet Jewels is fired for misconduct. Because he is angry, before he leaves, he gathers customers’ personal and credit-card information on a flash drive. Mrs. Sparkly has her identity stolen as a result, sues Must-Have Mainstreet Jewels, and wins a fairly hefty settlement.
See more examples for other types of businesses here.
What is first-party coverage?
This type of coverage covers the cost of notifying affected parties about the breach; funding public relations and crisis management measures to rebuild your reputation; credit-monitoring services; payment of regulatory and Payment Card Industry Data Security Standard (known as PCI) fines; legal services; and computer expert services.
What is third-party coverage?
This type of coverage includes legal expenses and damages if your business is sued over a data breach or displays unauthorized media material online on a site maintained by the insured.
What is the difference between data breach coverage and cyber liability coverage?
Data Breach is the first-party portion of the coverage. Cyber Liability is the third-party portion (see questions 1 and 2).
Does it cover employees’ information if it is corrupted or stolen?
Yes. Employees’ health care or tax information provides a wealth of PII that is susceptible to data breach.
Does it apply to analog/paper records as well as digital records?
Yes, Cyber Liability and Data Breach Response Coverage applies to both electronic data breaches and breach of physical records. For example, coverage for a breach involving theft of a file drawer or a laptop containing subcontractors’ and employees’ PII information.
What is an example of a specific claim for analog data losses?
An employee decides to throw away customers’ credit-card information in the dumpster outside instead of properly shredding it. Later that night an individual takes the trash bags containing this PII.
Why is this type of coverage important to my business as a policyholder?
According to the Identity Theft Resource Center (ITRC), there were nearly 6,000 reported breaches you probably didn’t hear about from 2005 to 2010. In 2015 alone, The ITRC found that 40 percent of reported breaches happened in the business sector. Small businesses paid an average of $38,000 to recover from them. And those are only the ones that were reported. It’s estimated that more than 50 percent of breaches go unreported. Cyber liability and data breach incidents are a matter of “when” not “if.”
Does this cover identity theft?
This coverage provides breach resolution and mitigation services such as credit monitoring or identity monitoring to the individuals notified of a breach of their information. This coverage is not for identity theft of the named insured.
Grinnell Mutual strives to offer our commercial customers top-quality protection and services. That’s why we partnered with Beazley, a leading insurer of technology and information security risks.
Our Cyber Liability and Data Breach Response Coverage, a solution to privacy breaches and information security exposures, is tailored to the needs of small to mid-size businesses.
This privacy breach response management and information security solution includes a range of services designed to help respond to an actual or suspected data breach incident efficiently and in compliance with the law.
- Response to breach events, including notification, call center services, breach resolution, mitigation services, public relations, and crisis management
- Third party liability, including coverage for regulatory actions and payment card industry (PCI) coverage for credit card breaches
- Assistance at every stage of the investigation from Beazley’s in-house team of data privacy attorneys and technical experts
- Initial breach investigation and consulting
- Complimentary loss control and risk management information, including online resources and value-added educational webinars
For more information
Contact your local agent today for a quote or to learn more about Cyber Liability coverage.
The summarized coverage descriptions are used for reference only and do not contain relevant policy conditions, exclusions, or limitations. Products and discounts not available to all persons in all states and are subject to underwriting guidelines, review and approval.
The information included was obtained from sources believed to be reliable, however Grinnell Mutual Reinsurance Company and its employees make no guarantee of results and assume no liability in connection with any training, materials, suggestions or information provided. It is the user’s responsibility to confirm compliance with any applicable local, state or federal regulations. Information obtained from or via Grinnell Mutual Reinsurance Company should not be used as the basis for legal advice or other advice, but should be confirmed with alternative sources.