Does my business insurance policy cover data breaches?

The standard business insurance policy covers tangible assets such as office furniture and equipment. Since electronic data is not considered tangible, it is generally not covered under a normal business policy. The solution is to purchase a cyber liability policy for your business.

What constitutes a data breach?

A data breach is the loss, theft, accidental release or accidental publication of Personally Identifiable Information (PII) and Protected Health Information (PHI) including:

• Social security number
• Bank account number
• Credit or debit card numbers
• Driver’s license number
• Email address
• Patient history and medications

It can occur through hacking, theft or release due to unauthorized access, stolen or lost electronic files, stolen or lost laptop, smartphone, tablet, or computer disks, stolen credit card information, employee error or oversight. The most common cause for a data breach is negligence.

Read about the biggest data breaches in history >>

What is covered by a cyber liability policy?

• Network Security and Privacy Liability
  • This covers third party claims arising out of a breach of your Network Security or other private information.
  • Example: A patient sues you because their information was compromised and stolen due to a data breach within your dental practice.
• Privacy Breach Response
  • This covers first party legal, public relations, advertising, IT forensic, call center, credit monitoring, identity theft restoration and postage expenses incurred by you in response to a privacy breach.
  • Example: Since you have had a data breach, you are now legally required to notify all affected individuals via first class postal mail and to potentially provide credit monitoring for all affected individuals. The average cost to notify affected individuals is $20 per record.
• Network Asset Protection / Network Restoration
  • This covers expenses to recover and/or replace data that is compromised, damaged, lost, erased or corrupted.
  • Example: You have to restore your client records after a virus attacked your network and corrupted all of your files.
• Regulatory Defense and Penalties
  • This covers defense costs and potentially fines/penalties for violations of privacy regulations.
  • Example: You have to appear at and pay penalties for a Privacy Regulation Proceeding alleging a violation of any Security Breach Notice Law (HIPPA).
• Cyber Extortion
  • This will pay extortion expenses and extortion monies as a direct result of a credible cyber extortion threat.
  • Example: A hacker gains access to your network and withholds your data from you unless you pay X amount of dollars to the hacker.

• Cyber Extortion
  • This will pay extortion expenses and extortion monies as a direct result of a credible cyber extortion threat.
  • Example: A hacker gains access to your network and withholds your data from you unless you pay X amount of dollars to the hacker.