What is data breach insurance and do you need it?

padlock on a computer keyboard

Data breaches can be expensive. In fact, the average cost of a breach in the UK is £2.37 million.

That’s a staggering amount. But many organisations – even the largest – have found themselves lagging behind the cybersecurity compliance curve in recent years.

One of the aspects of protecting themselves that many organisations either neglect or assume they have in place when they don’t is data breach insurance.

But many insurers use contracts with careful wording that excludes some types of breaches from some types of cyber insurance unless they are specifically covered.

This makes understanding what data breach insurance is vital if you want to protect your organisation.

What is data breach insurance?

Data breach insurance is a specific type of cybersecurity insurance. If your organisation suffers financial harm from a data breach, this type of insurance is supposed to cover you. Specifically, it covers you from financial harm that results from an attack in which data has been lost or stolen.

Some cyber risk or cyber liability insurance policies may be designed to cover general business loss, network issues or Intellectual Property damage. As with all insurance policies, the important thing to be aware of is the fine print of what is covered and what isn’t (and what your insurer understands by certain terms when describing that coverage).

It’s also worth noting that many insurance providers will insist that you demonstrate that your organisation has effective cybersecurity protection in place. Standards like Cyber Essentials and Cyber Essentials are often a good benchmark for what’s required.

Data breach insurance – types of coverage

First-party data breach insurance

This covers damage that your own organisation suffers from a breach, often including things like:

  • Lost revenue
  • Damage to hardware or software
  • Fines incurred due to lost data
  • The cost of any data breach investigation

Third-party data breach insurance

This covers damage to other parties outside of your organisation, including things like:

  • The cost of legal action from other parties relating to data loss
  • Fees and costs of covering or aiding other parties who have lost data

Full coverage data breach insurance

This should provide both first and third-party data breach insurance coverage.

What to look for in your data breach insurance policy

1) The exact wording of your policy

Make sure that the wording of your policy covers the situations that both you and your insurer think it does. Look for clear wording that spells out the types of coverage and incidents that are covered.

It isn’t unknown for insurers to accidentally use technical language inaccurately. Or to inadvertently use non-technical terms that are open to legal interpretation.

It is worth having an IT specialist on-hand – either from your own in-house team or managed service provider – to advise on what terms actually mean from a technical perspective.

2) What “extra” assistance your policy covers

Getting financial coverage for the wide range of issues that can result from a data breach is critical if you want to recoup some of the impact on your business. But there are some additional jobs that need to be taken care of after data loss that most policies won’t cover:

  • Notifying the other parties affected
  • Notifying any government or regulatory bodies
  • Performing any other legal or ethical duties
  • Investigating and locating the source of the breach
  • Updating your cybersecurity processes

3) How your policy changes over time

Cybersecurity policies, regulations and compliance standards are regularly updated to reflect changing threats and technologies.

Changes in the law can mean the coverage your policy once provided is no longer current or applicable to new circumstances or events. Equally, the needs of your company can change over time as you grow.

You should aim to review your data breach insurance policy regularly. As before, it is always worth doing so alongside someone from your internal IT team or managed service provider. They can provide some advice on technical terms as well as help you create breach response plans so that you know what to do if the worst should happen.

Need to plan what your response would be in the event of a data breach?

Talk to an expert. Set up a commitment-free chat with Chief Geek Gildas Jones today. Click here for his bookings calendar.

Become one of the 900+ businesses in Bristol and beyond that use Dial A Geek for their cybersecurity.