Cyber Liability and Data Breach Response Insurance

Cyber Liability and Data Breach Response Insurance

You hear a lot about data breaches in the news these days, but what about how fraud affects your business? According to the U.S. Small Business Administration (SBA), consumer identity theft costs over $220 billion each year. Educate yourself on the exposures and risks of cyber threats and how Grinnell Mutual Cyber Liability and Data Breach Response insurance can save your business and reputation.

Your cyber liability and data breach exposures

When we think about data breaches, what comes to mind are big retailers and restaurants that do hundreds or thousands of point-of-sale transactions every week. But all businesses are exposed in some way. According to the Identity Theft Resource Center (ITRC), a 10-year average showed that the business sector accounted for 24.6 percent of all breaches — ahead of government, healthcare, and financial industry sectors.

Significant cyber liability exposures

Does your company handle any of the following information?

  • Employee or customer addresses
  • Employee or customer Social Security or driver’s license numbers
  • Copies of checks or credit card receipts
  • W-9 forms
  • Personal employee health plan records

If you have access to any of the above information, you are exposed. The exposure is not just from hackers intruding on electronic systems. Breaches are caused by lost, discarded, or stolen laptops, smartphones, and portable memory devices, to acts by disgruntled employees, to procedural errors.


Find more business coverages Contact an agent


The price of a data breach

A 2017 study by the Ponemon Institute  put the average cost of an incident at $225 for each lost or stolen record. The vast majority of that cost is attributed to lost business arising from abnormal turnover of existing or future customers. How does that cost stack up?

  • A retailer with just 10 sales a day would pay $806,650 for a year’s worth of breached records.
  • A single lost laptop can cost a business nearly $50,000, most of that being expenses to respond to data breached or potentially breached.

Resolving a data breach issue can involve lots of legal fees and requirements. Forty-seven states have breach notification laws, and more and more of them require a report to the state attorney general’s office. Many of the laws also include a ticking clock, so knowing ahead of time what’s required of you will save you some frantic documentation gathering when something does happen.

How to reduce the chance of a data breach

While data breaches are on the rise, the majority of incidents are fully preventable. Here are a few ways to reduce a chance of a data breach. For more information, the Federal Trade Commission (FTC) offers free resources for businesses of any size.

  1. Encrypt your devices. Over 73 percent of the 2013 breaches serviced by Beazley, Grinnell Mutual’s Cyber Liability and Data Breach response partner, involving portable devices could have been prevented if the devices were encrypted.
  2. Automate patch management. Staying on top of the latest available software patches and moving to automated patch management can protect against a breach.
  3. Enforce password complexity. Computer systems can now systematically cycle through all permutations of potential passwords. Don’t use passwords that are easy to crack. Dictionary words are capable of being deduced with an algorithm.
  4. Be alert to phishing. Most breaches occur because of human error, and cybercriminals use that to their advantage through techniques like phishing — posing as a legitimate company to obtain financial information. Training employees to spot a phishing is a critical step in breach preparedness.
  5. Double check before hitting send. Double-checking the contents of a file, email address, or mailing details is a must, especially when sending data to outside vendors.
  6. Keep score. An easy and proactive way to determine whether or not your business’ bottom line is being compromised is to routinely monitor your profile with all three major business credit bureaus. The Consumer Financial Protection Bureau (CFPB) recommends a credit monitoring service, which will take the guesswork out of the process.
  7. Protect your papers. Most business owners know to store their sensitive documents in a secure place, but it’s also important to invest in either a shredder to dispose of paperwork containing confidential information.  
  8. Get the facts about cyber liability and data breach insurance. In this digital age, protecting your business from costly liability claims in the case of a data breach is not a should-do; it’s a must-do. We have collected common questions about cyber liability and data breaches and provided reliable answers to help you wrap your mind around this important business coverage. (Check out the FAQ section below).


Find more business coverages Contact an agent


Cyber Liability and Data Breach Response FAQs

Take a few minutes to learn the facts about cyber liability insurance. To make it easy, we have collected common questions about cyber liability and data breaches and provided reliable answers to help you wrap your mind around this important business coverage.

What is a data breach?

A data breach is an incident in which sensitive, protected, or confidential data has potentially been viewed, stolen, or used by an unauthorized individual. Data breaches may involve personal health information (PHI), personally identifiable information (PII), trade secrets, or intellectual property. For the purposes of the Grinnell Mutual form, this information may be electronic or physical records.

Here’s a hypothetical example of something that might be covered in a retail setting: An employee at Must-Have Mainstreet Jewels is fired for misconduct. Because he is angry, before he leaves, he gathers customers’ personal and credit-card information on a flash drive. Mrs. Sparkly has her identity stolen as a result, sues Must-Have Mainstreet Jewels, and wins a fairly hefty settlement.

What is first-party coverage?

This type of coverage covers the cost of notifying affected parties about the breach; funding public relations and crisis management measures to rebuild your reputation; credit-monitoring services; payment of regulatory and Payment Card Industry Data Security Standard (known as PCI) fines; legal services; and computer expert services.

What is third-party coverage?

This type of coverage includes legal expenses and damages if your business is sued over a data breach or displays unauthorized media material online on a site maintained by the insured.

What is the difference between data breach coverage and cyber liability coverage?

Data Breach is the first-party portion of the coverage. Cyber Liability is the third-party portion (see questions 1 and 2).

Does it cover employees’ information if it is corrupted or stolen?

Yes. Employees’ health care or tax information provides a wealth of PII that is susceptible to data breach.

Does it apply to analog/paper records as well as digital records?

Yes, Cyber Liability and Data Breach Response Coverage applies to both electronic data breaches and breach of physical records. For example, coverage for a breach involving theft of a file drawer or a laptop containing subcontractors’ and employees’ PII information.

What is an example of a specific claim for analog data losses?

An employee decides to throw away customers’ credit-card information in the dumpster outside instead of properly shredding it. Later that night an individual takes the trash bags containing this PII.

Why is this type of coverage important to my business as a policyholder?

According to the Identity Theft Resource Center (ITRC), there were nearly 6,000 reported breaches you probably didn’t hear about from 2005 to 2010. In 2015 alone, The ITRC found that 40 percent of reported breaches happened in the business sector. Small businesses paid an average of $38,000 to recover from them. And those are only the ones that were reported. It’s estimated that more than 50 percent of breaches go unreported. Cyber liability and data breach incidents are a matter of “when” not “if.”

Does this cover identity theft?

This coverage provides breach resolution and mitigation services such as credit monitoring or identity monitoring to the individuals notified of a breach of their information. This coverage is not for identity theft of the named insured.

What Grinnell Mutual can offer your business

Experienced partners

Grinnell Mutual strives to offer our commercial customers top-quality protection and services. That’s why we partnered with Beazley, a leading insurer of technology and information security risks.

Our Cyber Liability and Data Breach Response Coverage, a solution to privacy breaches and information security exposures, is tailored to the needs of small to mid-size businesses.

This privacy breach response management and information security solution includes a range of services designed to help respond to an actual or suspected data breach incident efficiently and in compliance with the law.

Coverage includes

  • Response to breach events, including notification, call center services, breach resolution, mitigation services, public relations, and crisis management
  • Third party liability, including coverage for regulatory actions and payment card industry (PCI) coverage for credit card breaches
  • Assistance at every stage of the investigation from Beazley’s in-house team of data privacy attorneys and technical experts
  • Initial breach investigation and consulting
  • Complimentary loss control and risk management information, including online resources and value-added educational webinars

For more information

Contact your local agent today for a quote or to learn more about Cyber Liability coverage.


Find more business coverages Contact an agent


Claims handling and breach response services are provided by Beazley USA Services, a member of Beazley Group. Beazley USA Services does not underwrite insurance for Grinnell Mutual. Policies purchased through Grinnell Mutual are subject to Grinnell Mutual’s underwriting processes.