You’ve been hacked. Now what?

Data breaches happen fast. Here’s a look at what happens next, and where cyber liability insurance can provide assistance.


You just discovered your business suffered a data breach.

The questions start swirling:

Data breaches happen quickly, regardless of whether they result from a phishing attack, malware, a card-skimming device or ransomware. But the aftermath lasts for more than a year.

Data breaches also are expensive. The Ponemon Institute’s 2018 Cost of a Data Breach Study pegs the average total cost of a data breach at $3.86 million, or $148 per stolen record.

Ponemon also reports that businesses can save up to $14 per stolen record with an incident response team.

For most businesses, having an in-house breach response team isn’t practical. That’s why a standalone cyber liability policy can help. Here’s a look at what happens in the days, weeks and months following a breach, and where cyber liability can provide assistance.

Identifying the breach

Some breaches, like ransomware, are obvious, because they won’t let you use your systems without paying a fee. But malware, phishing and other breaches can be elusive because they run in the background and secretly steal your data. A good hacker won’t leave a trace. Signs of a potential breach include sluggish device performance, frequent restarts, odd pop-up ads or recurrent program or app crashes.

Breaches don’t always happen during business hours. Look for a cyber liability policy that provides a 24-hour phone line where you can report actual or potential breaches. The hotline should be staffed by breach response experts who can diagnose your systems, investigate quickly, and escalate your request appropriately.

Fixing the breach

Once you verify that a breach occurred, you must act fast. Every second your systems are compromised carries the risk of continued data loss. A cyber liability policy should give you access to a dedicated breach response team that includes forensic information technology (IT) specialists. They will find the malware (or whatever caused the data breach), determine the scope of the breach, and help you learn how to limit or eliminate it.

Such experts will also investigate your firewalls, secure your data, perform data recovery, evaluate your data backup plans, rebuild your network and advise on best next steps. These IT costs alone can run into the mid-six-figures depending on the size and scope of a breach.

Disclosing the breach

Providing proper notification of a data breach is no less urgent than fixing the breach. Global giants like Yahoo and Equifax faced scrutiny (and in Yahoo’s case, a multi-million-dollar fine) for failing to report wide-scale breaches quickly.

Notification is potentially the most complex and time-consuming task following a data breach. You’ll need legal experts who can advise as to whether any federal or state laws were broken, and whether you need to notify law enforcement. You also may need to notify regulatory bodies (such as health-care companies needing to disclose HIPAA violations). You’ll need to comply with multiple state laws, many requiring different disclosure timelines.

Of course, you’ll need to notify every consumer or employee who was impacted — or potentially impacted — by the breach. And you’ll need to do all of this in an organized, systematic way that protects your company’s reputation.

A cyber liability policy should provide your business with legal experts who can help you navigate the complex maze of government and regulatory notification rules. Such rules are based on your customers’ (and not your company’s) home state. Under many state laws, your insurer will be required to send out notifications. Legal experts will also advise on whether any laws were broken, and what risk and responsibilities your company may face as a result. And they can help you calculate what fines you may face (such as Payment Card Industry fines for any breach of credit card information).

As part of some cyber liability policies, a breach response team will set up a call center for you that’s staffed with experts who know how to properly manage the notification process. They’ll provide a list of frequently asked questions that will help customers and employees understand what happened and give them action items (such as resetting passwords for online accounts). They’ll use appropriate language to handle difficult conversations with irate customers. And they’ll know the required methods for notification (paper, email, etc.).

If your data breach involved any customer data, you’ll be required to offer credit monitoring to all affected parties within 90 days of notification. That monitoring will eliminate potential identity theft and will continue for one year. This too may be handled by your breach response team.

Oh, and did we mention that data breaches are headline news? Look for cyber liability policies that include public relations expertise to help you determine who will speak to the media and how to handle social media backlash, and to advise on what you should, and shouldn’t, publicly disclose. Such experts also will advise on how to repair the significant reputational damage that may accompany any data breach.

Avoiding potential pitfalls

Not all cyber liability coverage is alike. To ensure proper coverage, businesses must weigh the type of information systems they have, their risks, and the potential consequences.

Some items to consider include…

First-party vs. third-party coverage: You may view cyber liability as third-party coverage because it covers your customers’ data. But the strongest cyber liability policies will also include first-party coverage. This will cover:

Risk mitigation: Many cyber liability policies offer videos, webinars and other training materials that can help your employees learn how to prevent data breaches, identify (and avoid) phishing emails, and avoid common security pitfalls. You may need to reach out to your carrier online to access this information.

Know when to seek help

No matter the size of your business, handling a data breach on your own is impossible. Any misstep brings the potential for additional data loss, costly fines, and crushing public relations damage. Cyber liability coverage provides you with experts who will respond quickly and calmly, save you from countless administrative headaches, protect your reputation and help you manage the aftermath of a data breach so you can continue to focus on your business.

Chris Larson is an underwriter with Distinguished Programs. He specializes in cyber liability. Chris can be reached at CLarson@distinguished.com.

The opinions expressed here are the author’s own.
