According to the Ponemon Institute, preparing for a breach can greatly reduce its cost. Insurers therefore reward organizations that have taken preparatory steps and implemented defensive measures, such as adopting an incident response plan and designating a team to execute it. An incident response plan identifies the actions that should be taken when a data incident occurs. Having an incident response plan can result in lower premiums.
Since securing cyber liability insurance is now a necessity for any business, the implementation of an incident response plan can result in significant cost savings both currently and in the future. The Ponemon study, which looked at the costs of data breaches, found that the average breach in the U.S. costs an organization around $6.5 million. Other key cost-reduction factors include having an incident response team in place prior to a breach, along with employee training. Creating an incident response plan and having an incident response team to execute the plan reduced the cost of a breach from an average of $217 per compromised record to $193. However, involving third parties in response to a breach brought the costs up to $246 per record.
Cyber liability insurance is broken down into two main categories of coverage: third-party and first-party costs associated with a data breach.
- First-party costs include the costs to the insured organization and are related primarily to restoring computer functionality, business interruption costs, and forensic investigations.
- Third-party costs include fees paid to retained specialists for services related to litigation, responding to regulatory investigations and requirements, governmental inquiries, credit monitoring for impacted customers, public relations, notices and communications to consumers, customers, and other third parties, and other liability management issues related to the data breach.
The most informed way to purchase cyber liability insurance is to understand the risks to which your company is exposed. Part of the process of creating an effective incident response plan is identifying data that your company is collecting and the potential regulatory and compliance issues concerning that information. This process can then be used to purchase more targeted and effective cyber liability insurance by purchasing the coverage that best suits your company’s needs.
Furthermore, having an incident response plan in place and designating a team to execute that plan prior to a breach contribute significantly to mitigating data loss and the corresponding fraud and identity theft that follow an unauthorized breach of data.
In the final analysis, the most effective way to purchase cyber security insurance is after you have created and implemented an incident response plan, along with the other components of a comprehensive information security plan, so that you better understand what your insurance needs are and can enjoy lower rates because you have adopted best practices.