Small Businesses Also Need Data Breach Protection – and Insurance When It Fails

Corporate data breaches are becoming more common, but small businesses often don’t think it’s their problem. And that could come back to bite them. From law firm Jaburg Wilk:

“There are numerous news reports of data and security breaches where customers’ personal information, including social security numbers, credit cards numbers and health information have been compromised… Many smaller companies perceive that they are not at risk for a data breach. However, that may prove to be untrue and very costly.”

What can be done to lower the risk of a data breach? A number of things:

“Proper controls should address the risks associated with the people, processes, and technology within your organization. Start by identifying and classifying sensitive data, train employees to recognize sensitive data and the risks associated with it, and then design procedures and technical or physical controls to address the risks. Employees should also be trained in how to prevent, detect, and respond to data breaches.” (Jaburg Wilk)

Security systems can fail, however, firewalls can be hacked, and sensitive data lost. That’s why companies need robust insurance policies that provide coverage for the wide range of costs associated with a breach.

To that end, three considerations for choosing the right policy, drawn from a recent ruling that found National Union Fire Insurance liable for nearly $7 million of costs associated with the hack of a DSW store:

1. Cleaning up after a data breach is expensive:

“Over $4 million in losses – the single largest share of the loss arising from the data breach – arose from the costs associated with charge backs, reissuance of credit cards, creditor monitoring and fines imposed by the credit card companies. The breach also resulted in an FTC investigation, resulting in a settlement and consent order for DSW, alleging that the breach was a result of the retailer’s failure to protect sensitive consumer data.” (Mintz Levin)

2. A standard crime policy may cover the costs:

“While most insurance companies have attempted to exclude cyber risks from many general liability and first-party property policies, this holding potentially adds crime policies to the list of policies that cover data breach costs, a list that, in addition to insurance-industry preferred cyber policies, also includes general liability, errors and omissions, media E&O and directors and officers policies.” (Proskauer)

3. All things considered, a cyber liability rider may be best:

“While DSW ultimately prevailed, this case highlights how important it is to have a cyber liability policy in place that is written to specifically cover the costs associated with a data breach event. When forced to rely on non-cyber liability endorsements, the insured may find itself having to engage in legal gymnastics to argue that it is entitled to coverage of associated breach costs.” (Scott & Scott)

Read the updates:

Find related technology law news on JD Supra>>