What is a Security Breach?
A Security Breach also known as a Data Breach involves the theft or compromise of 30,000 or more records, although many smaller breaches occur continually, of secure or private/confidential information to an untrusted environment. According to the Credit Union National Association , most breaches occur in North America and it is estimated that the average cost of a data breach will be over $150 million by 2020, with a global annual cost forecast to be $2.1 Trillion. In today’s fast-paced business environment businesses face 24/7 online risk exposures that can decimate a company financially. How a business plans for these contingencies is a measure of the quality of privacy and security protection from a risk viewpoint of loss.
Why Insure Data?
There are three risk precepts that guide decisions we all make in business and profession, as well as our personal lives:
- never risk a lot to save a little
- never risk more than you can afford to lose
- always know your odds
We use these precepts unconsciously, to make a multitude of decisions daily. As has been the case for hundreds of years, the conclusive risk management tool for this exposure is insurance.
What does Network and Information Security Insurance provide?
Most businesses today are driven by data. With that comes the profound responsibility to protect customers’ private information, to prevent the inadvertent transmission of computer viruses and to ensure that authorized users are able to securely access a company’s website or computer network. The theft or misuse of private or confidential customer information is a daily concern for nearly all businesses large and small. Even when a business has done nothing wrong, it may still face lawsuits from its customers. Network & Information Security Liability coverage protects against risks associated with the failure to protect electronic data containing others’ private information, the inadvertent transmission of a computer virus, the inability of authorized users to access an insured’s website or computer network, and failure to comply with applicable security breach notifications laws.
What the costs associated with a Security or Data Breach Event?
When there is Security or Data Breach event there are two types of financial loss that a business must be prepared for; Third-Party Liability and First-Party Expenses.
Third-Party Liability costs will typically consist of:
- Cyber, privacy and Network Security Liability; failure to protect private or confidential information of others, and failure to prevent a cyber incident from impacting others’ systems
- Payment Card Loss; contractual liabilities owned to payment card industry firms as a result of a cyber incident
- Regulator Proceedings; defense for regulatory actions and coverage for fines and penalties
First-Party Expenses will typically consist of:
- Cyber Incident Response costs; Legal fees, forensics, notification costs, credit monitoring, public relations, etc.
- Business Interruption; loss of profits and expenses from interruptions of insured’s systems and possibly interruptions of others’ systems
- Digital Data Recovery; costs to restore or replace lost or damaged data or software
- Telephone Toll Fraud; costs incurred as phone bill charges due to fraudulent calling
- Network Extortion; payments to prevent digital destruction/impairment
Additional costs associated with a security or data breach event can include cyber crimes:
- Computer Fraud; third party accessing an insured’s computer to steal money
- Funds Transfer Fraud; third party tricking a bank into transferring funds from an insured’s account
- Social Engineering Fraud; third party tricking an employee into transferring money
All of these exposures can be insurable by purchasing a Network & Information Security Liability Insurance policy