The cost of dealing with a data breach goes beyond repairing databases, strengthening security procedures or replacing lost laptops. Regulations requiring notifications of affected customers also drive costs for companies in which a data breach compromises personal or confidential data. Traditional business insurance may not be enough to protect companies from cyber-crime. But just how does cyber insurance work?
Typically, there are a number of different coverages available. To have the coverage that is right for your company, you and your agent can work together to tailor the coverages based on the specific risks your business faces. Following are some explanations of typical elements of a Travelers cyber insurance policy.
Third-Party (liability) and First-Party Coverage
What it does: Companies have an obligation to keep their customers’ protected health information (PHI) and personally identifiable information (PII) confidential. They may face potential liability if the information is exposed in a data breach. This coverage protects companies for liability to others and reimburses companies for expenses related to a data breach, which could include legal counsel and defense, a digital forensics team, notification costs, crisis communications and setting up a call center and credit monitoring for those affected by the data breach.
Why it’s important: Many companies store their customers’ confidential information, PHI and PII, as well as confidential corporate information, either for themselves or for another company. For example, an employee benefits company may have personnel records for the employees of dozens of companies it serves, which can mean that a single breach presents the potential for significant liability.
What it does: Claims and events can occur anywhere in the world, and notification requirements differ by location. To help fulfill these requirements, policyholders can access Travelers’ network of forensics, crisis communications and legal experts to address claims made or events occurring anywhere in the world.
Why it’s important: If a company has a data breach, it must follow the privacy laws that govern where its customers live, not just where it is headquartered. This can be costly, confusing and time-consuming for a company without specialized resources. Read more