Data Breach Insurance
Instant business insurance quotes
Can't find your industry?

Data Breach Insurance

With data breaches all over the news, IT consultants have been seeking small business insurance to manage their exposure to the financial risk that accompanies cyber threats. Data Breach Insurance is often just the policy they need.

This coverage is especially important because of how expensive data breaches are. According to a 2015 study by cyber risk management provider NetDiligence, the average data breach claim costs $673,767. That’s a lot. To put that number in perspective, that amount would buy you 20 new Mercedes Benz cars.

Not many small-business owners have almost $700,000 lying around (or enough room in their garage for 20 new cars). Because of that, IT professionals often invest in Data Breach Insurance to protect themselves from the cost of a data breach.

What Data Breach Insurance Do I Need?

From an insurance perspective, there are actually two different types of breaches – yours and your clients’. For these two breaches, there are two different types of Data Breach Insurance:

First Party, which can pay for the cost of a breach on your own network.

Third Party (often included in Professional Liability Insurance written for small IT businesses), which can cover the cost of lawsuits when an IT consultant is sued after a client’s data is compromised.

Let’s go over how these two types of Data Breach Insurance are different and when you might want to invest in each one.

First-Party Data Breach Insurance vs. Third-Party Data Breach Insurance

Which Data Breach Insurance coverage can you benefit from? For most IT consultants, Third-Party Data Breach Insurance makes the most sense. That’s because most IT consultants don’t store much data on their own network that they’re worried about protecting. They’re more concerned with their clients’ data, which is stored on their clients’ servers or somewhere in the cloud.

If a client’s data is compromised, they could turn around and sue you, claiming the compromise resulted from a professional error or oversight on your part. Third-Party Data Breach Insurance would be the policy that could cover the costs of that lawsuit.

For many IT businesses, Third-Party coverage is fairly easy to include in an Errors and Omissions Insurance policy. When it is included, a data breach lawsuit can be treated like any other E&O lawsuit.

If you store customer data on your network (e.g., if you provide data mining or business intelligence services), you may also benefit from carrying First-Party Data Breach Insurance. This is because, should your network be breached, you might be responsible for notifying clients, paying for credit monitoring services, and even paying state fines. First-Party coverage offers funds to do exactly that.

Below, we’ll take a closer look at how each policy works.

What is Third-Party Data Breach Insurance?

We’ve already gone over why IT consultants usually choose Third-Party Data Breach Insurance – it can help them manage their risk of client lawsuits. But let’s look at an example of this coverage in action.

Say you help a client update to a new ERP platform, but the software is hacked. The client sues you, claiming you didn’t configure it properly and you recommended software that wasn’t secure.

Everyone knows how expensive lawsuits are. But it’s helpful to break down the costs of a lawsuit, item by item. In a data breach lawsuit like this, you might have to pay for…

  • Lawyers’ fees.
  • Court costs.
  • Settlements
  • A judgment (if you lose in court).

Third-Party Data Breach Insurance can help cover these costs, potentially preventing a data breach lawsuit (which might cost hundreds of thousands of dollars) from devastating your business finances.

What is First-Party Data Breach Insurance?

First-Party Data Breach Insurance can cover many of the costs you’d have to pay if a breach occurred on your network. If your own data is compromised, First-Party Data Breach Insurance can help pay for…

  • Customer notification.
  • Security experts to investigate the breach.
  • Call centers to handle customer questions.
  • Crisis management teams.
  • Anti-fraud protection for parties whose data has been compromised.

Web hosting companies and others with lots of stored data are the IT businesses that tend to benefit most from first-party coverage.

What Types of Data Breaches Are Covered?

Data breaches come in many shapes and sizes. The average citizen probably hears “data breach” and thinks of hackers. But there are many kinds of cyber incidents, including…

  • Malware attacks.
  • Malfunctions.
  • Insider data breaches.
  • Data theft by employees.
  • Ransomware.
  • Employee mistakes.

Data Breach Insurance may cover these breaches as well as when a hacker targets your business or your clients.

The Small Business Insurance Leader