Cyber Risk Insurance

By Dennis Gardiner, Managing Partner, CPA

Do you have insurance to address an intrusion or breach of your computer systems, or a lost or stolen laptop or even a flash drive? Do you think you have limited exposure? Very large companies, or even the US Government undoubtedly have very sophisticated security over their data processing systems. Yet, T-Mobile, Experian (a credit monitoring service), Target, AT&T, the White House, the US State Department, US Office of Personnel Management are some of the many companies (organizations) that have had breaches.

However your data may become compromised, it can have serious implications. Significant costs arise from finding a breach, determining a solution to a breach, notifying customers, legal expenses and potential fines. There are legally mandated steps, by 47 states, that must be taken by companies. Many companies offer free credit monitoring to those affected, depending on the type of information breached, or potentially breached.

We are not telling you to go out and buy this type of coverage, but we strongly recommend you take a look at it, or discuss it with your insurance agency the next time your policy comes up for renewal, or sooner.

If you were to suffer a breach of sensitive information, you are going to need resources to guide you through the necessary steps to comply with your legal requirements. Policies can provide you coverage in managing the event, defending any regulatory actions, and any remediation and notification expenses.

You might want to visit with your insurance professional as to the coverage afforded for a breach in your current insurance products in force, particularly any liability coverages. There may be some coverage under those policies. Any coverage you would have isn’t likely to be specific to a computer breach, but may provide some relief.

Regardless of what you decide about securing insurance coverage specifically to address a breach of sensitive data, you should proactively develop an action plan in the event you have a breach and be prepared to deal with the aftermath. We encourage you to develop a plan to identifying how the breach occurred, action steps to be taken to remedy the breach and the appropriate notifications. Identify what questions to ask, who to reach out to and when to let your customers, employees, etc. know that a breach occurred. Your advance preparation can help to minimize damage to your reputation and interruption of your business.