What is data breach insurance?
Data breach insurance can refer to several different policies that protect a company from financial losses as a result of a data breach. These policies include data breach insurance, cyber liability insurance, and technology errors and omissions insurance (tech E&O).
Why is data breach insurance important?
With security breaches all over the news, IT consultants are increasingly interested in how small business insurance can help them manage the financial risk from cyber threats.
This coverage is especially important because of the high cost of data breaches. According to IBM, the total cost of a data breach in 2022 was at an all-time high of $4.35 million USD.
Unsurprisingly, few small business owners can afford to pay that cost out of pocket, which is why IT professionals need insurance to reduce their data breach financial risk. Companies most commonly invest in cyber liability insurance, a data security policy that protects them from the cost of a data breach.
In the tech industry, cyber liability insurance is most often bundled with errors and omissions insurance (also known as professional liability) in a package called tech E&O.
Who should consider data breach insurance coverage?
As small businesses often lack the means to fend off cybercriminals or minimize a breach, they are seen as attractive targets for data breaches, ransomware, and other cybercrimes.
There are three categories of small businesses that can benefit from data breach insurance:
1. Businesses that store customer data
This includes online retailers, accounting firms, or any business that handles sensitive information like credit card info, Social Security Numbers, or bank account information.
2. Companies that handle personal health information
This applies to businesses that operate in the healthcare industry, such as medical offices, chiropractors, and physical therapists, which handle personally identifiable information (PII).
3. Any IT or technology business
Which data breach insurance do I need?
While data breach insurance can refer to any policy that protects against data breaches, it typically refers to cyber liability insurance. There are two different types of cyber liability insurance that address two different types of data breach risk: data breaches that happen to your tech company (first-party) and those that happen to your clients (third-party).
Data breach insurance usually refers to first-party cyber liability insurance, especially for companies outside of the IT industry. In this context, data breach insurance is typically an endorsement to your general liability insurance or business owner's policy, and it only protects against data breaches that affect your company directly.
First-party cyber liability insurance normally has low limits, which is why tech professionals should consider tech E&O instead. This tech-specific package includes the protection that all tech professionals need when handling sensitive data.
What types of data breaches are covered?
Data breaches come in many shapes and sizes. The average person probably hears “data breach” and thinks of hackers. But there are many kinds of cyber incidents, including:
- Malware attacks
- Insider data breaches
- Data theft by employees
- Ransomware attacks
- Employee mistakes
- Phishing attacks
Cyber liability insurance covers both accidental data breaches and incidents where a hacker targets your business or a client.
Let’s explore the differences between first-party and third-party cyber liability insurance, and how to choose the coverage you need. As a breakdown:
- First-party cyber liability insurance covers the cost of a breach on your own network.
- Third-party cyber liability insurance covers the costs of lawsuits when an IT consultant is sued because his client’s data is compromised.
What is first-party cyber liability insurance?
First-party cyber liability insurance can cover many of the costs you’d have to pay if a breach occurred on your network. If your own data is compromised, this policy can help pay for:
- Customer notification
- Security experts to investigate the breach
- Call centers to handle customer questions
- Crisis management teams
- Anti-fraud protection for parties whose data has been compromised
Web hosting companies and others with lots of stored or sensitive data are the IT businesses that benefit most from first-party coverage.
If you store customer data on your network (e.g., if you provide data mining or business intelligence services), you may also benefit from carrying first-party data breach insurance. This is because a breach of your network could result in steep costs associated with notifying clients, paying for credit monitoring services, and even paying state fines. First-party coverage offers funds to do exactly that.
What is third-party cyber liability insurance?
Third-party cyber liability insurance covers the costs of a lawsuit if a client’s data is compromised, and they claim that your professional oversight or error resulted in the breach.
Third-party cyber liability insurance is the popular choice among IT companies, who are usually most concerned with safeguarding their clients’ data, which is stored on their clients’ servers or somewhere in the cloud.
For instance, IT consultants typically don’t have a lot of data on their own network that needs protecting, so third-party cyber liability insurance makes the most sense. For many IT businesses, third-party coverage can be included in an errors and omissions insurance policy (tech E&O). When it's included, a data breach lawsuit can be treated like any other E&O lawsuit.
Let's look at an example of how third-party cyber liability insurance can help IT consultants manage the risk of client lawsuits:
Say you help a client update to a new ERP platform, but the software is hacked. The client sues you, claiming you didn’t configure it properly, and recommended software that wasn’t secure.
We all know that any lawsuit can be expensive. But in a data breach lawsuit, you might have to pay:
- Attorney's fees
- Court costs
- Judgment (if you lose in court)
Third-party cyber liability insurance can help cover these costs, and protect your business from the financial devastation a successful data breach lawsuit can have on your bottom line.
How much does data breach insurance cost?
As with most insurance policies, the cost for data breach insurance varies from business to business. However, it's quite affordable when considering the out-of-pocket cost of a data breach. There are three ways to incorporate data breach insurance into your risk management plan:
- Adding a data breach rider to your general liability policy is the least expensive option. It should only add a small amount to your general liability insurance premium.
- Purchasing a standalone cyber liability insurance policy, which costs TechInsurance customers an average of $145
- Bundling coverage in a tech E&O policy for an average cost of $61 monthly.
In addition to the type of coverage you buy, there are several factors that also affect your premium, like policy limits, the amount of sensitive data your company handles, business size and revenue, and your claims history.
More common questions about data breach insurance
What's the cost of a data breach should your company experience one?
Without the right insurance and risk measures taken, a data breach could do enormous financial damage to your business, as well as your reputation. In fact, IBM did a study and found that data breaches cost approximately $242 per stolen record. This cost could quickly add up, depending on how much customer information your company stores. A data breach insurance policy can cover all of these costs and get you back to business as usual.
The cost will depend on several factors, including:
- How many people were affected
- The cost of finding and fixing the cause of the breach
- Any cyber extortion demands
- How long your business was interrupted
- Lost business due to reputation damage
- Regulatory fines and penalties
What's not covered by data breach insurance?
In most cases, data breach insurance doesn't cover third-party data theft, which means your business isn't covered if you happen to cause someone else’s data to be breached. It only covers financial losses your business incurs when dealing with a cyberattack.
Additional data breach coverage exclusions are:
- Data loss caused by accidental damage. A data breach policy doesn't insure data lost from physical damage to a network or storage device. An electronic data liability policy expands your property damage coverage to include a loss of data caused by accidental damage.
- Data loss from natural occurrences. If sensitive data is lost because of a natural disaster, you'd need electronic data processing (EDP) insurance. This provides protection for data loss due to your equipment, such as computers and backup systems.
It's best to consult your insurance policy and read the fine print in detail to fully understand what your data breach insurance policy does and doesn't cover.