Evaluating Cyber Liability Insurance Policies

Cyber liability insurance or  also known as data breach insurance have been purchased by businesses to help with response costs. Now, it seems they’re purchasing it out of fear of a lawsuit. With many data breach lawsuits making recent headlines, it’s no surprise. Finding the right policy, though, is an important step in being fully protected.

Once you are ready to shop for cyber liability insurance its important to carefully evaluate the purchase of a the cyber liability insurance policy from a variety of angles. The types of coverage offered by cyber liability insurance policies vary dramatically by insurance carrier, so its good to start by talking with a knowledgeable insurance broker who has experience with cyber liability insurance policies.

When evaluating and considering the purchase of a cyber liability insurance policy, there are several important steps prior to actually investing in the policy:

Determine how much insurance you need and how much risk you can afford to retain. Once the amount of insurance you need is determined, figure out how much you can afford to pay out of pocket before any cyber liability insurance claims may be paid. This will help you determine your retention or deductible.

Review the types of coverage provided. While cyber liability insurance policies are not standard policies, and vary widely, coverage typically falls into three categories: liability, breach response costs, and fines and penalties. Some things to consider are: Does the insurance carrier have experience with your industry? Is there any special cyber liability coverage applicable to your specific industry or business?

Know what triggers the policy. Will your cyber liability insurance coverage be triggered for a stolen or lost unencrypted laptop or USB flash drive? Loss related to the failure to secure data? Loss related to a breach caused by a negligent employee? Data held in the cloud? What happens if you experience a data breach in which public data is exposed?

What types of data are covered? Some carriers specify the types of data covered, while others do not. Some things to consider: How is sensitive data defined in the specific cyber liability policy? Are paper records included?

What response costs and services are covered in the event of a breach? Most carriers offer coverage for breach response costs and breach services. You will want to check to see if the following are covered (at least) in the cyber liability insurance policy on offer: crisis management and breach notifications, credit monitoring, loss of business income, privacy regulatory defense and penalties, computer forensics investigation, and the hiring of a privacy lawyer.

Find out if you can select your own vendors or counsel. Often, businesses prefer to select their own vendor or counsel, especially if they have a pre-existing relationship with these professionals. Find out upfront whether or not you have a choice or must use the vendors and/or counsel selected by the insurer as part of the cyber liability insurance coverage.

Cyber risk is now considered one of the top emerging risks a business faces and data breaches will continue to happen. Cyber liability insurance offers a great solution to responding to a breach and helps offer peace of mind if a lawsuit were to happen.

 

Disclaimer: Conditions apply for each policy and the information expected from you for a policy to trigger. Coverage may differ based on specific clauses in individual policies. Please ask your broker to explain any additional benefits and exclusions pertaining to your policy.

“The information provided is general advice only and does not take account of your personal circumstances or needs. Please refer to our financial services guide which contains details of our services and how we are remunerated.”
_____________________________________________________________________________________

A cyber attack/data breach can cripple a business of any size. By planning in advance and purchasing a cyber liability insurance policy, businesses can minimize their risks, costs, and the impact of a cyber attack on their reputation and brand.

To learn how a Cyber/Data Breach Insurance policy can help you be prepared for a cyber attack, network security situation, or data breach event, please complete the box below. Or call  Cyber Data- Risk Managers Pty Ltd 03 8640 0962.

 

 

Strategies for Dealing With Data Breaches

Data Breaches can happen to any businesses of all sizes and therefore the question that must be asked is when one will happen, rather than if one will happen.

Most businesses today realize that, while a data breach can’t be predicted, it should be expected. The focus should shift to how to best handle data breaches that do occur.

Good planning will make the difference between a living nightmare for the whole organization or a prepared organisation that is ready to mitigate harm. The cost of poor planning, meanwhile, can be huge financial losses or even bankruptcy for small and midsized businesses.

This was the case for Impairment Resources LLC , a US medical records firm. The firm filed for bankruptcy in March after a break-in on New Year’s Eve 2011 that led to the compromise of roughly 14,000 files. The cost of dealing with the data breach was prohibitive for the firm, leading to its demise.

Creating a data breach incident response plan, and incorporating it into the organization’s business continuity plan, simply makes business sense. Here are seven things your business can do once your endpoint has been compromised:

- Stay calm. Don’t rush out the minute you learn about your data breach and announce it to the world. You will want to take a deep breath and organize your response team. Involve designated key employees, a privacy attorney, a computer forensics expert, and your cyber insurance agent as part of total data breach response strategy.

- Call your insurance agent. While traditional business insurance policies do not cover data breaches, a cyber insurance policy will. Your cyber insurance carrier would help coordinate your incident response team.

- Get a computer forensics investigator involved. Before you send out your notification letters, you will want to know whether any sensitive personally identifiable information (PII) was accessed/stolen. Knowing this will trigger whether or not you need to report your data breach and determine if notification letters need to be sent.

- Speak with/hire a data privacy lawyer. If you believe that your data breach has exposed sensitive PII, you will want to hire a data privacy attorney to help coordinate your breach from start to finish.

- Send out notifications to potential breach victims. Each state where you do business and where your customers reside will have its own requirements for reporting breaches. Follow state notification laws and adhere to specified time frames for sending out notification letters.

- Offer an identity-theft/credit-monitoring service. While not a requirement, it’s become an industry standard to offer some type of identity-theft/credit-monitoring service to each potential victim.

- Tighten your endpoints and fix data leakage. While no security system is 100 percent foolproof, installing firewalls, updating antivirus systems, investing in an IPS or IDS system, and updating software and patches can help your business minimize the risks of an additional data breach.

How your business responds to a data breach can either harm or enhance your reputation. Take the time to think about the steps involved and to create a data breach incident response plan before a data breach happens.

Disclaimer: Conditions apply for each policy and the information expected from you for a policy to trigger. Coverage may differ based on specific clauses in individual policies. Please ask your broker to explain any additional benefits and exclusions pertaining to your policy.

“The information provided is general advice only and does not take account of your personal circumstances or needs. Please refer to our financial services guide which contains details of our services and how we are remunerated.”
_____________________________________________________________________________________

A cyber attack can cripple a business of any size. By planning in advance and purchasing a cyber liability or data breach insurance policy, businesses can minimize their risks, costs, and the impact of a cyber attack on their reputation and brand.

To learn how a Cyber Liability/Data Breach Insurance policy can help you be prepared for a cyber attack, network security situation, or data breach event, please complete the box below. Or call Cyber Data-Risk Managers Pty Ltd. 03 8640 0962.