Insurance for Data Security Breaches: What Businesses Need to Know

In the last 15 years, virtually all business information and data has migrated from being stored on paper to being stored electronically. Now, rather than physically breaking into your office or facility, a thief can gain access via your computer system, and steal or corrupt virtually all of your information quickly. According to a leading publication, in the last 10 years there have been over 6,000 reported data breaches comprising over 800 million records.

With the explosion in electronically stored information has come a similar explosion in laws, statutes, and regulations, State and Federal, with names like HIPAA, HITECH, FACTA and others, that may impose liability on businesses for data breaches.

Finally, traditional insurance policies are unlikely to provide coverage, and the newer “cyber coverage” policies come in a wide and confusing array of variations.

Isn’t My Standard Insurance Enough?  

The answer is almost certainly no. Since 2014, the standard CGL policy – which is the bedrock of most business insurance plans – has specifically excluded coverage for data breach liability. Other types of insurance maintained by businesses – D&O, E&O, Umbrella, etc. – are not designed to cover liability resulting from data breaches.

The Solution:  “Cyber” Insurance Policies

There is no standard “form” policy (yet) for coverage for data breaches. Each company has its own form and name, such as “cyber liability,” “network security,” “cyber security,” “data breach,” and others. These policies are offered as stand-alone policies, or can be added to standard policies such as CGL or business owners’ policies (“BOP”).

When looking for data breach coverage, ask yourself 2 questions:

  1. What data breach risks is your business exposed to?  In other words, if a hacker gained access to your system, what could he steal?
  2. What are the potential consequences/liabilities associated with a data breach at your business?

The answers to these 2 questions will help you narrow your focus and guide your search.

Factors to Evaluate in Cyber Insurance Policies for Data Breaches:

  • Response costs
    • crisis management / public relations
    • notification of potential victims
    • credit monitoring
  • Costs of regulatory proceedings / investigations / penalties
  • Cyber investigative expenses
  • Business interruption
  • Data recovery or restoration
  • Defense costs in lawsuits
  • Damages and expenses from third party claims
  • Cyber extortion

Like the old, faithful CGL policy, cyber liability policies are now a necessity for many businesses.



About the Authors

Alan M. Ruley

Alan Ruley is a seasoned civil trial and appellate lawyer. He represents clients in a wide variety of disputes in federal court, state court, and the North Carolina Business Court, focusing primarily on business litigation, intellectual property, insurance coverage and recovery, banking and employment.

Allison Buckner Parker

Allison is on a leave of absence from Bell, Davis & Pitt and the day-to-day practice of law. Allison Parker is a litigator, focusing primarily on insurance coverage litigation for corporate policyholders and business litigation.