In response to the sharp uptick in cyber-crime in the past few years, insurance companies have increased their offering of data breach insurance. Often, we get the question, “should I buy data breach insurance?” The answer is complicated. Let’s break it down together to help you decide whether it is good for your business. (Full disclosure: Yes, we have data breach insurance along with errors and omissions insurance, but we are responsible for protecting your data.)
Data breach insurance can help you recompense your losses in the case of a data breach, but it might not be enough to save your company. First, the point of insurance is to pay out after disaster strikes. In the case of ransomware, the amount of downtime could be hours, days, or longer. You might never recover your data. As an example, the Brandon Chamber of Commerce lost years of data after a ransomware attack. How much of your customer data can you afford to lose entirely and still function? How long can your company operate without access to customer data (downtime)? Data breach insurance cannot get you back up and running faster, or guarantee recovery of your data.
Additionally, the costs associated with data breaches can be very difficult to measure. One example is customer confidence. Imagine having to notify your customers that their information has been breached as a result of an attack on your network. Recent studies of consumers have shown that they are less likely to do business with companies after a data breach. Major corporations, such as Target, might be able to recover. Can you? That brings us to our next consideration…
If a fire breaks out at your house, which would you rather have: homeowners insurance, or a good fire suppression system? Admittedly, a good fire suppression system might not eliminate all of your damage, but it should be able to contain it better than getting repaid after the damage is done. Certain things in your house might never be able to be recovered. Pictures of your major family events, family heirlooms, and sometimes even your loved ones can be in jeopardy.
Similarly, cyberattacks jeopardize your ability to deliver your product, the economic well being of you and your employees, and your reputation. Wouldn’t you rather focus on prevention? At a minimum, have a good backup solution that protects your most crucial data on the cloud. There are options available that will cost about as much as data breach insurance. We will help you determine your tolerance for downtime and find a solution that matches your budget. Also, don’t forget to read the fine print!
Insurance is about managing risk, and agents still need to make a profit. The fine print is often where you learn what a policy actually covers. Here are a few things to look for in the fine print:
- Is failure to patch a known vulnerability considered a pre-existing condition?
- Should an unpatched system be covered under a clause for errors and omissions?
- When an employee falls for a phishing attack and infects the network that way, is that covered?
- Does it account for “human error?”
- What are the limitations of coverage? Will it cover employee salaries while they are unable to be productive?
Data breach insurance should be considered, but only after more proactive cybersecurity methods are in place. Be certain that you are aware of what the policy does and does not cover. Build your network to make your data breach policy redundant.