Nearly 80 million Americans were impacted when Anthem was the target of hackers in February 2015. Prior to the Anthem hack, during the 2013 holiday season Target experienced a breach exposing over 40 million credit cards and the personal identifying information of over 110 million people. In March 2015, Target agreed to pay $10 Million to settle class action litigation arising out of the breach (paying up to $10,000 to individual victims). In March 2015, Target agreed to pay $10 Million to settle class action litigation arising out of the breach (paying up to $10,000 to individual victims).1 Data breaches like this leave consumers wondering how far the damage will go and leave companies struggling to protect the data of their employees and customers.
It is impossible to conduct business in this day and age without utilizing online data access and storage. One study suggests that companies that fall victim to cyber-crime suffer an average $7.6 million in damages, with a range from $0.5 million to $61 million per breach. 2 The most costly attacks tend to come from insiders such as disgruntled employees and in the form of web-based attacks. A careful risk prevention policy will review a system’s vulnerabilities and allocate resources to shore up the defenses, however, breaches may still happen.
Most traditional general liability policies do not cover data breaches, and some explicitly contain an exclusion for electronic data. Companies have the option of purchasing separate coverage for data and privacy breaches. Cyber insurance policies can include first-party coverage for crisis management expenses (including forensic investigations and PR consultants), business interruption expenses, professional negotiator expenses in the event of a cyber-hostage scenario, costs of notifying consumers of breaches, fraud protection for consumers, damages to hardware and software, and protections for vandalism caused by employees. Third-party coverage may include costs from hiring attorneys, expert consultants and vendors to defend in civil litigation, costs from claims alleging unauthorized access to or dissemination of private information, content injury including trademark and copyright infringement, costs arising from customers’ lack of access, and claims relating to harm to third-party systems.
The costs of cyber insurance vary, but entry level policies begin around $2,000, with the average cost for $1 Million in coverage tending to be $12,500 to $15,000. Larger companies, including Target, have opted to purchase towers of insurance to protect against future data breaches. Without question, companies of any size must consider their risks and weigh the potential costs of a data or privacy breach.