Does Cyber Insurance Cover Data Breaches?

Caeva O'Callaghan | December 9th, 2020


When data is leaked from a company by cyber criminals, it’s never good news. But if you have cyber insurance in place, will it cover data breaches?

Yes. Cyber insurance covers data breaches as well as malware and other forms of cyber attack. Data breaches can leak sensitive or confidential information to criminal organisations. They can be one of the most harmful types of cyber attack, and can wreak the most havoc on a business’ reputation.

In this article, we’ll cover questions like:

  • What is a data breach?
  • Will cyber insurance protect against a data breach?
  • What should I do after a data breach?

Data breaches don’t have to mean the end of the world, but they are to be taken very seriously. Read on to discover what you need to do in the event of one happening.

What is a data breach?

A data breach is the intentional or unintentional release of private, secure or confidential information to an untrustworthy environment. Data breaches have many other names, including unintentional information disclosure, data leak, information leakage and data spill. These names are often used by businesses to downplay the seriousness of the event. In reality, data breaches are extremely serious.

This is because when companies handle sensitive information, they don’t always have the security in place to prevent criminals obtaining it. Sensitive information could be names, addresses, credit card information and other personal data.

Globally, the average total cost to a company of a data breach is $3.86 million, according to a study by the Ponemon Institute. This means an average of $148 per stolen record – a cost very few small or medium businesses could afford.

Cyber insurance is always a good idea. However, there are some common sense protocols you can put in place to prevent cyber attacks taking place. These include:

  • Using strong passwords with upper and lower case characters, numbers and symbols where possible
  • Check financial accounts regularly and monitor for suspicious activity
  • Secure your phone with a password or fingerprint sensor
  • Back up your files to ensure their safety

Will cyber insurance protect against a data breach?

Yes, cyber insurance will cover your business against any kind of data breach as a result of criminal activity. If criminals steal your or your customers’ sensitive data, having cyber insurance will help pay for costs you incur while fixing the problem and making sure it won’t happen again.

Data breaches can occur for a number of reasons, including accidentally. Criminals typically aim to cause a data breach in one of the following ways:

  • Exploiting system vulnerabilities. Out of date software can develop holes as criminals get smarter and security leases lapse, so this allows an attacker to sneak in malware.
  • Weak passwords. If they are easier for hackers to guess, it’s easier for them to obtain entry to your systems.
  • Downloads. Beware of installing anything on your computer system which you do not fully trust. Do not click suspicious links, because they could lead to malware.
  • Phishing, spam, and other attacks. These aim to trick the user into revealing login credentials or downloading malware.

What to do after a data breach?

Laws and regulations are in place that require companies to take specific steps in the event of a data breach or other security incident. Irish law requires companies to send data breach notifications to consumers when their personally identifiable information may have been compromised. Organisations must do this within 72 hours of becoming aware of the breach.

Therefore, the first step is to get confirmation of the breach. You need to ascertain whether the leak did indeed contain sensitive information.

Next, find out what kind of data was stolen. This is important, because it will determine if you need to report it to the Data Protection Commission (DPC).

Any organisation which handles data is obliged to notify the DPC of any personal data breach that has occurred. But, they don’t have to if they are able to demonstrate that the personal data breach is ‘unlikely to result in a risk to the rights and freedoms of natural persons’.

For example, if the data only contained first names, this is unlikely a risk to those individuals’ rights and freedoms. However if your data included bank details in connection with those first names, that would certainly be a concern.

Feel free to contact us and talk to our Cyber Insurance experts, we can help you protect your business from cyber risks and attacks. We look forward to helping you.

OUR CYBER INSURANCE SPECIALISTS

RACHEL DIXON

CAEVA O'CALLAGHAN

CAROLINE MCARDLE

All Information in this post is accurate as of the date of publishing.