Home Depot, Target, Jimmy Johns, Dairy Queen, Michaels, SuperValu, Amazon, Yahoo, Kmart, AT&T, school districts, hospitals, main street, Wall Street, and so on... What do all these businesses have in common? They've all been victims of cyber or data breach attacks. As long as the list of cyber casualties continues to grow, so does the need for coverage!
Data breaches may involve the loss of financial information such as credit card or bank details, personal health information (PHI), personally identifiable information (name, social security number, date of birth, address, etc...), trade secrets of corporations or intellectual property. Understand that a data breach doesn't necessarily mean you were targeted by hackers or a sophisticated malware was placed on your credit card reader only to result in the loss of millions of customer's private information. It can be as simple as stolen laptop sitting on the front seat of your car during a lunch break. If there was any sensitive information on that laptop and you can't ensure it wasn't compromised, you have a breach and are subject to state notification laws. And just because you aren't sitting at a desk all day compiling private information, doesn't mean you don't have risk. The Target breach was the result of a third party HVAC vendor doing some work at a few stores according to Krebs on Security. That means not only do we have to be responsible for the information we are collecting for our own business pursuits, but we need to protect our third party exposure as well.
Without a doubt the legal and punitive expenses associated with a data breach can be overwhelming, but it is the notification and ongoing monitoring requirements that put most uninsured companies out of business. Businesses subject to a breach are required to notify, by certified letter at three different times, anyone who's information may have been compromised and also provide ongoing credit monitoring, a toll free credit counseling hotline, and an informational website. Obviously one's need for this coverage, hinges on how many private records you control or come into contact with during the course of business. Keep in mind as your deteremine your records exposure, that you don't get a bulk rate if you lose an entire family's information. You are required to notify and provide credit services for each record- holder compromised. That is each man, woman or child regardless of their relationship to your company or their age. To calculate your true exposure, visit Ponemon Data Breach Calculator. The Ponemon Institute is an independent company that researches privacy, data protection, and information security policy.
Cyber or Data Breach Liability coverage will be required just like General Liability or Workers Compensation in years to come. Without a doubt technology is advancing beyond the understanding of our exposure and as payment methods continue to expand, (apple pay, phone swipes, etc...) and the virtual world continues to expand, (the cloud) and our business community continues to shift from mainstreet to an online global marketplace, so will our need for protection.
Contact us if you wish to have further information on this coverage.