The Computer Age, The Digital Age, The Information Age, or whatever you decide to call it, the fact remains that we live in an era where the most valuable asset for many companies is information. From scientific data, to consumer buying habits and patient diagnosis. But at the same time, this same asset can also come with a burden: it’s every companies’ responsibility to safeguard the information they hold. And given that there is so much digital information produced today, the task of protecting it can become overwhelming for small and medium businesses, and in some cases even large ones, if they don’t have an IT department.
In order to help bear the costs, a lot of companies are investing in a cyber risk insurance policy, as a part of their risk management strategy. These companies realize the importance of having cyber insurance. Some of the many benefits of a cyber risk insurance policy include: offsetting expenses of data breach, providing adequate resources in case of a data breach and closing the gap between current needs and traditional coverage. Let’s discuss these in more detail.
Closing the Gap
Traditional insurance sometimes only covers liability that arises out of “tangible” property. For example, the server on which all of your data is stored, but not the data itself. Traditional policies also won’t cover first-party breach notification posts, which can result in a significant coverage gap of an organisation’s digital data, exposing them to the full costs in the event of data loss. Cyber insurance is specifically designed to cover that gap and it provides coverage for remediation costs, liability for loss of data or data breach, legal and regulatory penalties and fines.
Offsetting the Expenses
Data breaches are unpredictable, so it’s hard to properly budget them. The scope, complexity and size of each data breach is different. PHI, or protected health information, is particularly expensive, given the strict policies that surround it as well as the potential for fines from both patients and regulatory agencies. Plus, specialised medical recovery and identity monitoring services are also expensive. A lot of health organisations have found that cyber insurance helps to cope with unexpected expenses, especially costs around data breach notification. Typical cyber breach coverage includes: legal fees during and after the breach, communication including call centers, regulatory notices and notification letters, data analysis, forensic investigation, public relations, legal settlements, regulatory fines and identity monitoring.
Resources for Breach Responses
A lot of carriers, either through a panel of approved vendors or informal referrals, can offer resources to businesses facing a data breach. This often includes an attorney and a breach coach. Additionally, insurers can provide referrals for a wide range of service providers including legal and PR, forensics and data breach notification, all of which are pre-negotiated.