Data breach insurance helps protect against the financial costs of having company data compromised either through cyberattack, internal failure, human error, or corporate espionage. Coverage typically pays legal fees, public relations costs, and the financial liabilities including the cost of identity protection solutions. Data breach insurance costs $500 to $3,000 annually.
Small business owners need to find the right type of data breach coverage to protect against both human-related beaches and cyber breaches. Top carriers such as The Hartford riders as well as standalone policies to provide the right amount of coverage for the real risks a company faces.
Top Data Breach Insurance Providers
Most business insurance carriers have some type of data breach coverage or cyber liability insurance. Some carriers combine data breach and cyber through policy endorsements while others offer standalone policies. Business owners should look for a carrier that has the policy that covers their needs whether they have more paper and office risks or extended cyber risks.
Top Data Breach Insurance Providers
|Small business owners seeking to combine coverage into a single policy.|
|Hiscox||Companies that store consumer and company data and require potential business interruption coverage.|
|Businesses wanting to compare data breach and cyber insurance policies.|
|Travelers||Price-conscious companies wanting to reduce premiums with cyber training programs.|
|CNA||Paper-heavy companies with client files on top of online databases.|
The Hartford is a national insurance provider offering small business insurance policies for a wide range of risks including general liability, workers’ compensation, and professional liability insurance. The Hartford offers both data breach insurance riders and specialized cyber liability insurance policies with 24/7 access to a data breach response site to mitigate existing threats quickly.
The Hartford is the ideal choice for small business owners in a wide range of industries who want data breach and cyber liability insurance added to a business owner’s policy (BOP). The Hartford allows both a data breach and a cyber liability endorsement with up to $500,000 in first-party coverage and $1 million in third-party coverage making this a comprehensive solution.
Hiscox is a small business insurance specialist, meaning they have worked hard to not just understand the risks micro-businesses and solopreneurs face but have developed products that meet the budget demands of these businesses. Hiscox offers general liability, business property, and professional liability insurance and has a specialized policy for electronic data loss.
Hiscox is the right choice for businesses with large databases and proprietary information maintained on their servers. Hiscox has an electronic data loss insurance program covering both data breach and loss of vital information. This policy helps with third-party and first-party claims, including business interruption coverage if company operations are halted.
CoverWallet is an online insurance broker that works for small business owners to find the right policy that covers their unique business risk for the absolute best price possible. CoverWallet partners with major national insurance carriers such as Berkshire Hathaway, Employers, and Liberty Mutual, offering coverage throughout the country for all lines of insurance.
CoverWallet is the ideal choice for business owners unsure about their exact insurance needs regarding data breach and cyber liability insurance. Because CoverWallet has so many carriers reviewing every business owner’s ten-minute insurance application, it is able to correctly assess coverage requirements for clients.
Travelers is one of the largest insurance carriers in the world, offering commercial insurance to small businesses and large corporations alike. Travelers offers the entire gamut of business insurance including specialty insurance lines such as equipment breakdown and cyber coverage. Travelers offers endorsements to their business owner’s policy.
Travelers is the right choice for businesses that want to improve their internal systems to protect data and consumer information. Additionally, Travelers policyholders enjoy training offered by the insurance carrier. This includes coaching, providing assessments, and providing employee training on improved data security.
CNA is a major national insurer offering a wide range of insurance products for small business owners. CNA offers all the main business insurance products such as general liability, workers’ compensation, and business property.
CNA is the ideal choice for business owners with mandatory data security requirements. Industries include financial services, insurance, accounting, medical, and legal industries where intake forms and client files must be protected. CNA’s NetProtect policy specifically covers both the cyber risks and the in-house paper risks of database and file management.
What Data Breach Insurance Is
Data breach insurance is usually a rider on general liability policies that covers liabilities when there is an unauthorized disclosure of personal information. Various privacy laws require companies to maintain rules and employee practices to protect the personal and private data of both consumers and employees or face fines and administrative actions.
What Data Breach Insurance Covers
Data breach insurance covers the expenses a business has to pay when consumer information is compromised or lost because of an employee error or major events such as fire or theft. Coverage payments can be used to pay for rebuilding databases as well as any claims against the company.
Most data breach insurance riders cover costs such as:
- Legal consultations
- Forensic services
- Consumer notification
- Credit monitoring
- Fines and penalties
- Lawsuit defense and settlement
Data breach insurance riders are usually broken down into two segments to tailor the coverage for a small business: the response expense limit and the defense and liability limit. The response expense limit is the total amount your insurer pays for your initial response to a data breach. The defense liability limit is the total amount the insurer pays for after-attack damages.
Response Expense Limit
The privacy breach response coverage is a rider typically added to general liability policies that pays for the company’s initial response once a data breach is realized. For example, a company might have to pay for forensic services to determine how the breach occurred, notification to affected consumers, and mitigation services.
Most privacy breach response riders have several tiered coverage options to tailor policies to different risk sizes. Typical data breach insurance riders offer coverage limits as low as $10,000 with caps going as high as $500,000.
Legal Defense and Liability Limit
Legal defense and liability limit coverage is a third-party coverage option with data breach insurance policies and general liability riders. Defense and liability limit pays the costs of litigation, regulatory defense, and penalties assessed to a company for failing to keep data secure.
Defense and liability limits in data breach riders of general liability policies typically range from $50,000 to $500,000 in coverage. Every small business owner should consider the potential of fines and litigation when choosing data breach options.
What Data Breach Insurance Doesn’t Cover
Data breach insurance is designed to cover the wide range of computer-related and employee-error issues that result in compromised customer data. However, the rise of cyberattacks has led to specialized cyber liability insurance. This means that some data breach policies don’t include cyber liability coverage and may not protect against all digital hacks.
Data breach insurance doesn’t cover:
- Selling of consumer data: Policies deny coverage if you sell data since there is no way to know where the breach truly occurred.
- Illegal business operations: A business found to be conducting illegal activities such as money laundering will not get data breach coverage claims approved.
- Specific cybercrimes: Data breach policies exclude criminal activity covered by specialized policies.
Small business owners may need a combination of data breach insurance and cyber liability coverage to fully protect themselves against lawsuits, penalties, and poor public relations.
Data Breach Insurance vs Cyber Liability Insurance
Data breach insurance is not the same as cyber liability, but these policies have some coverage overlaps. Both cover the loss or compromise of client or proprietary data, but in different scenarios. Data breach insurance covers situations where data is physically lost or stolen. Cyber liability covers data compromised through internet attacks but doesn’t cover data lost through employee error or negligence or physical causes such as fire.
Who Needs Data Breach Insurance
Any business that maintains personal or private information should really consider data breach coverage. When collecting credit card information, health history, and birthdates, guidelines must be met to preserve privacy. Failure to protect personal or private consumer data can result in civil or criminal fines even if the incident was an accident.
Here are common examples of potential data breach incidents:
- The human resources officer forgets to lock the file cabinet holding employee personal and private information, including Social Security Numbers, bank information, and beneficiary data.
- A mobile worker loses a flash drive that has the entire customer database on it while at a coffee shop.
- An ecommerce store incurs a data breach with a hacker stealing payment information from consumers as they make a purchase (this needs cyber liability coverage included).
Keep in mind, if you have a third-party IT provider who has designed your server infrastructure and protections, they may be liable for any breaches under their IT errors and omissions policy.
Personal Data vs Private Data
Regulatory fines and lawsuit claims are based on the type of information breached, so it’s important to understand the differences between personal and private data. Personal data is identifying information, like the details you might find on social media: hometown, birthday, spouse’s name, mother’s maiden name, and pet names. These are examples of personal data nefarious people might use to steal someone’s identity.
Private data includes financial records, bank account information, health histories, and medical records. If someone gets access to a mortgage office’s client details, they get both personal and private information through a credit application and report; the address and birthday are personal while the credit scores are private.
HIPAA Privacy Rules specifically protect any details associated with someone’s medical records and history. Any company in the medical industry, as well as those adjacent to it such as insurance companies, training facilities, and holistic health providers, are required to maintain HIPAA compliant processes and procedures.
Costs of Privacy Act Violations
The Department of Justice assesses up to $5,000 per violation for willingly violating Privacy Act rules. Violations are also considered criminal acts that could result in imprisonment for the person who allowed access or disclosure all the way up to company officers who fail to maintain proper Privacy Act protocol. HIPAA fines range from $100 – $50,000 per violation, capping at $1.5 million even for accidental disclosures or data breaches.
Data Breach Insurance Costs
Data breach insurance costs vary depending on the overall risk and needs of a company. A rider specifically for data breach could be added to your existing commercial general liability or BOP for around $100 in additional premium. More comprehensive policies that also cover cyber liability may cost $1,000 – $3,000 annually.
Typical Data Breach Insurance Costs
|Policy Type||Liability Coverage Amounts||Typical Starting Annual Premium|
|General Liability Insurance|
Data Breach Rider
|$1 million for general liability|
$100,000 for the rider
|$400 + $100|
|Business Owner’s Policy|
Data Breach Rider
|$1 million for the BOP|
$100,000 for the rider
|$500 + $100|
|Cyber Liability Insurance||$1 million||$1,000|
Data breach insurance costs are affected by many different things. Insurance carriers conduct an underwriting assessment regarding business operations, claims history, and overall risks for data breach before finalizing premium costs.
Some of the factors that directly affect data breach insurance costs include:
- Geographic region: Insurance carriers review the likelihood and history of claims for the state and county where a business operates and price coverage accordingly.
- Claims history: A company that has prior claims typically pays more for small business insurance than those without claims.
- Insurance provider: Every insurance provider has its own way to price policies depending on its appetite for specific industries and business types.
- Rider or standalone policy: Coverage added as a rider to an existing small business policy generally costs less than a standalone policy.
- Total coverage: Increased coverage amounts increase the cost of insurance.
- Deductible: Deductibles help manage the total costs; as deductibles increase, premiums go down.
- Privacy protocols: Small business owners with firewalls, employee training, and privacy protocols are likely to get more favorable rates for data breach insurance.
When considering coverage options, don’t assume that double coverage is going to cost twice as much. Talk to your insurance provider about different tiers of coverage to see what best protects you and fits within the overall insurance budget.
How To Get Data Breach Insurance
Data breach insurance is often added to a general liability policy or a BOP. As a rider to an existing policy, data breach coverage only adds a few extra dollars to your total costs. Keep in mind that data breach insurance riders might not include cyber liability coverage. If you need cyber liability insurance, you may need an additional policy.
General Liability Insurance
General liability insurance covers third-party claims for accidental bodily injury or property damage. When completing the general liability insurance application, there is often a section that asks about data breach coverage. Choose the options that best suit your budget and overall risks.
Business Owner’s Policy (BOP)
A business owner’s policy has the same options for general liability coverage combined with business personal property and business interruption coverage. A BOP is one of the most cost-effective business insurance solutions offering multiple types of policies in one. However, carriers vary on how much coverage you can add for data breach rider.
Professional Liability Insurance
Professional liability insurance, also known as errors and omissions insurance, covers professionals in claims stating their work or services were not conducted in a professional manner. While data breach is often excluded from this coverage, there are some instances where claims resulting from negligence are covered, but this often a narrowly defined claim.
Cyber Liability Insurance
Cyber liability insurance often goes hand-in-hand with data breach because hackers are attacking information stored on computers. Cyber liability typically covers recovery, ransom, rebuilding of data as well as the third-party claims such as credit restoration and monitoring and identity theft issues.
Tips on Getting Data Breach Insurance
Don’t assume every small business general liability insurance policy automatically covers data breach. Here are four tips to help small business owners get the right coverage for potential data breach claims:
Ask What Coverage Is Included
Don’t assume that data breach covers all cyber liabilities that may happen. While there is a lot of overlap between the two coverages, ask your commercial insurance agent to explain exactly what is covered by which type of policy. With data breach insurance, you’ll specifically want scenarios that involved employee error covered as well as potential cyber risks that may require cyber liability coverage.
Assess Cyber Risks and Other Data Risks
In the application process, insurance companies ask about how data and customer information is protected. Be prepared to note any firewalls and security measures maintained for company servers and computers. Also note if client files are maintained in a separate locked area with limited access. Reducing risks makes getting coverage easier and less expensive.
Establish Written Protocol and Procedures
Make personal and private data protection a priority by establishing policies and procedures that hold employees accountable for data security. Examples include always locking a computer when getting up even to grab a cup of coffee or never having client files sitting on a desk.
Hold Annual Privacy Training and Reviews
Talk to your employees about the importance of keeping personal and private data of customers secure. Hold mandatory compliance training to review policies, procedures, and potential disciplinary action for privacy rules. Insurance carriers may provide discounts when annual training is conducted and documented.
Data Breach Insurance Frequently Asked Questions (FAQs)
Almost every business is at risk for some level of data breach liability and should add a rider or additional coverage to their small business insurance. Below are some of the most common questions regarding data breach insurance.
Is data breach insurance necessary?
Data breach insurance is necessary for a business that stores any consumer records such as payment information, medical records, or personal details in files or databases. Data breach provides financial assistance to help consumers with credit monitoring, rebuilding lost databases, and reputation management systems. Without data breach insurance, companies are responsible for all costs.
What is first party data breach coverage?
First-party coverage insures against financial losses the policyholder experiences in a claim. In regards to data breach coverage, a first-party policy may offer credit monitoring and pay for expenses related to helping affected customers repair and rebuild their financial health due to identity theft resulting from the data breach.
Does cyber insurance cover data breach?
Cyber liability insurance covers data breaches caused by a hacker, virus, or other computer attack. Cyber insurance covers costs associated with the data breach, ransom costs, and IT resources to fix the source problem, but it does not cover data breaches arising from personal mistakes made outside of a computer system.
Both data breach insurance and cyber liability insurance are must-have policies for any company working with consumers and maintaining any personal or private information. While no entity will require you to purchase it, you are responsible for even innocent breaches that happen on your watch that could cost tens of thousands (if not more) in expenses, penalties, and remedies.
Business owners need to have confidence that the insurance policy they purchase covers the risks they are exposed to. This is why companies such as The Hartford work behind the scenes to expand policy coverage so business owners can rest at night knowing new types of data breach risks are covered. A quick online application is available at The Hartford to help businesses get coverage quickly.