The final cost of a data breach can be hard to pin down. Dozens of factors affect the cost of a breach, and you can’t know what the total price tag will be until the dust settles. Sometimes, that takes years.
Think of all the things that happen to a company after it's hacked. An accurate estimate of damages would have to tally expenses for…
- Reputational damages.
- Lost sales.
- Web outages (and diminished revenue).
- IT repairs.
- Forensic investigations.
- Public relations / new advertising.
- Data breach lawsuits.
- Identity theft prevention.
- Customer notification.
Some of these less tangible costs – lost sales, diminished revenue, and reputational damages – are difficult to quantify. And though the company reeling from a data breach is certainly concerned with the exact cost, so are the insurance companies that create policies to cover these events.
Law Technology News reports that many insurers are adapting their Cyber Liability coverage to include more and more expenses in order to adequately address the cost and frequency of data breaches. But before we get into that, let’s try to put a dollar amount on how much a breach may cost.
How to Estimate the Cost of a Data Breach
Say you're trying to convince a client to invest more in network security. Wouldn't it be nice if you could point to a number that showed what they could expect to pay if a data breach happened on their network?
The good news is that security researchers are always trying to find a more accurate way to estimate the cost of a breach. Each year, the Ponemon Institute reviews data breaches, crunches the numbers, and provides an estimate that shows what the average breach costs.
The institute's current figure estimates that a data breach costs $195 for each compromised record. Of course, each data breach is different, but this number is a helpful starting point.
Using the Ponemon Institute's data, you could estimate that…
- A breach with 1,000 lost records would cost your client $195,000.
- Once your clients have over 5,000 records, they have approximately $1 million in data liabilities.
How to Prepare for the Cost of a Data Breach
There are two insurance policies that cover data breaches, but one is more suited for your clients, and the other is better suited for you, the IT professional. Here they are, in a nutshell:
- Cyber Liability Insurance (aka Cyber Risk Insurance or Data Breach Insurance). While some IT professionals buy this coverage, this policy better fits your clients. It covers the immediate costs to repair a breach, protect customers from identity theft, and rebuild the compromised company's reputation. A first-party Cyber Liability policy only covers the policyholder's company, so if you have this policy, it only covers breaches that occur on your network, not your client's.
- Errors and Omissions Insurance. Technology E&O Insurance is a liability policy, which means it pays for lawsuits. If a client is hacked, they can sue you to recover damages. E&O Insurance covers your professional liabilities, such as client data breach lawsuits. Your policy can pay for your legal defense (lawyer fees and prep costs), as well as damages you owe clients for lost revenue, injury to their reputation, and more.
If your clients have a lot of data, it's smart to encourage them to have Cyber Liability Insurance. When clients are prepared for the cost of a data breach, they may be less likely to sue you if their network or website gets hacked.
Regardless of whether your clients have insurance, you should protect your business with E&O Insurance. With E&O Insurance, you can rely on your provider to cover your legal bills and protect you from the astounding cost of your client’s breach.