We hoped Anthem’s January data breach would be the last large-scale event of 2015. Our hopes were dashed by the Office of Personnel Management’s massive breach that exposed personal information of more than 20 million current, former and prospective federal employees and contractors. This is yet another reminder that every organization is at risk of suffering a data security breach.
Organizations should also know that the costs of a data security breach can be devastating. Consider the following results from NetDiligence’s 2014 analysis of 111 data breach insurance claims:
- Most frequently exposed data: personally identifiable information (41%), private health information (21%) and payment card information (19%)
- Most frequent cause: hackers (30%) and staff mistakes (14%)
- Typical claims range: $30,000 to $400,000
- Average claim payout: $733,109
- Average per-record cost: $956.21
- Average cost for crisis services: $366,484
- Average cost for legal defense: $698,797
- Average cost for legal settlement: $558,520
These staggering figures may explain the results of a 2015 survey of risk managers conducted by the Risk Management Society (RIMS). According to the survey, the top three first-party exposures are reputational harm (79%), business interruption (78%) and data breach response and notification (73%). Fifty-one percent of respondents purchased cyber insurance policies, while 74% are considering obtaining cyber coverage in the next 12 to 24 months.
The RIMS survey found that risk managers are buying the following coverages:
- Breach notification costs (91%)
- Cyber extortion (80%)
- Network/business interruption (80%)
- Data recovery (75%)
- Fines and penalties (75%)
- Reputational harm (44%)
- Professional liability (43%)
- Theft of trade secrets (29%)
The RIMS survey shows that risk managers are taking data security very seriously. Interestingly, the growing prevalence of cyber insurance suggests that preventative measures may not be enough. Even the most sophisticated security measures don’t always prevent data breaches.
The right Cyber Perils coverage can help organizations survive the continuing data breach epidemic. The key is finding a policy that meets organizational needs without unnecessary coverages. The complexity of cyber insurance makes it difficult to evaluate and compare various options, so an experienced insurance agent should be consulted to find coverage that is both adequate and affordable.
If you would like to learn more about insuring against cyber risks, contact us.
If you would like to subscribe to our newsletters please click here.