BreachExchange mailing list archives

Cyber insurance protects against data breach damage


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 23 Apr 2014 18:47:18 -0600

http://www.tennessean.com/story/money/2014/04/21/cyber-insurance-protects-data-breach-damage/7988477/

Cyber insurance may evoke ideas of science fiction, but for businesses, the
risk associated with data breaches is very real.

Many owners of small- to mid-sized companies who possess sensitive data,
such as customer credit or bank account information, Social Security and
drivers’ license numbers or personal medical information, likely believe
the security steps they’ve taken to protect that data mean they are
covered in the event of a breach.

That’s not a sure thing. For many businesses, the cloud provides
cost-effective IT solutions and allows for innovative capabilities. But
using cloud-based solutions does not change your responsibility for
securing your customers’ and employees’ data.

Regardless of where you store data, all it takes is one mistake by an
employee, unauthorized access by a former employee, theft of a company
laptop or mobile device or a system breach by a skilled hacker, and your
company could suddenly face significant legal and financial challenges.

That’s why combining cyber insurance with strong data security practices
should be the core of any business plan.

Like any insurance policy, coverage must address the specific needs of your
business. Generally there are two categories of coverage:

1. Third-party cyber liability protects in the event a claim is brought by
a customer or partner for a data breach that your business actions or
negligence allowed. It would protect against:

• Judgments, civil awards or settlements where one is found legally
obligated to pay after a data breach.

• Electronic media liability resulting from an infringement of copyright,
domain name, trade name, service mark or slogan on an intranet or Internet
site.

• Employee privacy liability due to disclosure of personal information.

2. First-party cyber-crime expense, which provides financial compensation
to help address immediate customer and business needs that could include:

• Legal and forensic services to determine whether a breach occurred and
assist with regulatory compliance if a breach is verified.

• Notification of affected customers and employees, including costs such as
letter preparation and mailing.

• Customer credit monitoring, as well as monitoring of fraud, public
records and other information as needed.

• Crisis management and public relations to educate customers about the
breach and rebuild your company’s reputation.

• Business interruption expenses to cover costs for additional staff,
equipment, third-party services and additional labor arising from a covered
claim.

A number of factors, led by the type of business you conduct, contribute to
determining premium costs. If you are an e-commerce company or retailer
doing online transactions and storing data such as credit card information,
you are considered a higher risk for data breach and subject to higher
premiums. Medical-related data such as birth information, Social Security
numbers and medical records are also high risk.

It’s important to review business coverage needs each year with your
insurance adviser to understand how your security risks are addressed in
order to identify areas where cyber insurance can address exposures that
may be excluded from your current policies.

No two businesses are the same when it comes to cyber risks. Therefore it
is important to understand the cyber risks your business faces to ensure
your insurance program is designed properly.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
