Data breaches can be expensive. In fact, the average cost of a breach in the UK is £2.37 million.
That’s a staggering amount. But many organisations – even the largest – have found themselves lagging behind the cybersecurity compliance curve in recent years.
Data breach insurance is one aspect of protection that many organisations either neglect or wrongly assume they already have in place.
But many insurers use contracts with careful wording that excludes some types of breaches from some types of cyber insurance unless they are specifically covered.
This makes understanding what data breach insurance is vital if you want to protect your organisation.
Data breach insurance is a specific type of cybersecurity insurance. If your organisation suffers financial harm from a data breach, this type of insurance is supposed to cover you. Specifically, it covers you against financial harm that results from an attack in which data has been lost or stolen.
Some cyber risk or cyber liability insurance policies may be designed to cover general business loss, network issues or intellectual property damage. As with all insurance policies, the important thing to be aware of is the fine print of what is covered and what isn’t (and what your insurer understands by certain terms when describing that coverage).
It’s also worth noting that many insurance providers will insist that you demonstrate that your organisation has effective cybersecurity protection in place. A standard like Cyber Essentials is often a good benchmark for what’s required.
This covers damage that your own organisation suffers from a breach, often including things like:
This covers damage to other parties outside of your organisation, including things like:
This should provide both first and third-party data breach insurance coverage.
Make sure that the wording of your policy covers the situations that both you and your insurer think it does. Look for clear wording that spells out the types of coverage and incidents that are covered.
It isn’t unknown for insurers to accidentally use technical language inaccurately, or to inadvertently use non-technical terms that are open to legal interpretation.
It is worth having an IT specialist on hand – either from your own in-house team or managed service provider – to advise on what terms actually mean from a technical perspective.
Getting financial coverage for the wide range of issues that can result from a data breach is critical if you want to recoup some of the impact on your business. But there are some additional jobs that need to be taken care of after data loss that most policies won’t cover:
Cybersecurity policies, regulations and compliance standards are regularly updated to reflect changing threats and technologies.
Changes in the law can mean the coverage your policy once provided is no longer current or applicable to new circumstances or events. Equally, the needs of your company can change over time as you grow.
You should aim to review your data breach insurance policy regularly. As before, it is always worth doing so alongside someone from your internal IT team or managed service provider. They can provide some advice on technical terms as well as help you create breach response plans so that you know what to do if the worst should happen.