For insurance companies, each large scale data breach news story is like free advertising for data breach protection policies. Due to the increased awareness, more business are purchasing policies to protect against the risks of insurance, according to a recent story in the Boston Globe and reports from insurer Liberty Mutual.
These policies can cover the costs of a data loss, from hiring investigators to find the source of the breach to providing credit monitoring for customers to enlisting public relations experts to help salvage the company’s reputation, but there are many different types of policies available and businesses would be well advised to consult with their legal counsel for advise as to what risks and costs should be covered for their specific business.
Additionally, some general liability policies may provide additional coverage, but, as the risks of data breaches increase so do the number of policies that exclude this coverage, or, at least, provide only nominal coverage that is not sufficient to protect a business. In fact, insurance industry insiders have identified the trend that insurance companies are starting to specifically exclude electronic data losses from traditional corporate policies, forcing businesses to buy additional coverage. For instance, since October 2014, the Chubb Group of New Jersey has excluded privacy and data breaches from its standard insurance for directors and officers of health care companies.
Are you covered? Should you be? Now is the time to answer those questions.
Questions? Let me know.