
Understanding data breach and liability insurance

October 23, 2023

With cybercrime on the rise, it’s essential that insurance agents and business owners alike understand the role data breach insurance plays in safeguarding the financial well-being of organizations across the country. While data breach insurance has been available for some time, there are often questions about how it works and the value it provides. This article serves as a roadmap for agents to understand data breach insurance and how to best position data breach insurance to current clients.

What is a data breach?

To start, let’s examine what exactly a data breach is. According to IBM, a data breach is any security incident in which unauthorized parties gain access to sensitive data or confidential information, including personal or corporate data.¹ Compromised data often includes Social Security numbers, bank account numbers, health care data and other sensitive information (e.g., customer data records, intellectual property and financial information).

When these breaches occur, they cause significant harm. Specifically, data breaches can cause reputational damage; compromise business operations for days, weeks or even months; and lead to legal bills of six figures or more. Accounting for these factors, the average impact of a data breach on organizations with fewer than 500 employees is $3.31 million, with an average cost per breached record of $164.² Putting this in perspective, data breaches can cause irreparable financial harm that exceeds a company’s annual revenue and has a long-lasting impact on an organization’s operations.

How do data breaches happen?

Data breaches can be caused by several sources, including internal or external actors. In general, data breaches caused by internal or external threat actors follow the same basic three-part pattern:³

  • Research: Cybercriminals identify a target business and search for weaknesses they can exploit, whether in its computer systems or among its employees.
  • Attack: With a target identified, the cybercriminal uses an attack vector of choice. Common attack vectors cybercriminals use to carry out data breaches include, but are not limited to, the following:
    • Social engineering—Social engineering refers to the art of manipulating individuals into divulging confidential information (e.g., passwords) or performing actions that compromise an organization’s data. Instead of exploiting software or hardware vulnerabilities, social engineering targets the human element of security, as it can sometimes be easier to exploit human nature than a technical flaw in a system. Common forms of social engineering include phishing, spear phishing and vishing.⁴
    • Ransomware—Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.⁵
    • Human error—Cybercriminals stay on alert for vulnerabilities created by employee errors. Employees can expose data to attackers by storing it in unsecured locations, misplacing devices, or mistakenly granting network users excessive data access privileges.
  • Data Compromise: With access to the target’s systems, cybercriminals locate any sensitive data of interest, exfiltrating it for use or sale, destroying it or ransoming it for payment.

What is data breach insurance?

To guard against the impact of data breaches, businesses can turn to data breach insurance. This coverage provides first-party coverage for expenses incurred by a business when its data is compromised. Expenses that are typically covered include those associated with:

  • Notifying customers about a data breach
  • Providing credit monitoring services
  • Setting up a call center for affected individuals to obtain additional information and sign up for credit monitoring
  • Protecting a business’s electronic data and computer systems from damage and computer attacks
  • Assisting with any associated legal expenses
  • Business income losses due to the breach

It should be noted that, generally speaking, data breach policies do not provide coverage for third-party losses related to data breaches and other cyber events. In many instances, a cyber liability policy that covers first- and third-party losses may best fit a policyholder.

Who needs data breach insurance?

In today’s hyper-connected world, most businesses collect and store some form of customer, client or vendor data. Leveraging this data is essential to operating a business efficiently; however, storing it can make an organization an attractive target for cybercriminals. Accordingly, just about every business in the United States—large or small—could benefit from data breach coverage.

How much does data breach insurance cost?

The cost of a data breach insurance policy varies based on several factors, including:

  • A business’s size, industry, location and revenue;
  • The types of data the organization stores;
  • The business’s claims history; and
  • The cybersecurity controls the business has in place.

Generally, smaller businesses that store minimal data can expect relatively modest premiums (sometimes as low as a few hundred dollars). In contrast, larger, more sophisticated businesses typically pay more for their coverage.

How to sell data breach insurance

For many insurance agents, selling data breach liability insurance can feel challenging or outside their comfort zone. After all, this may be a product agents have not emphasized with clients in the past. To help sell data breach liability insurance more effectively, agents should consider these four tips:

1. Highlight the value of data breach liability coverage.

It’s crucial to stress the value of data breach liability insurance with business owners. Business owners want to make decisions that will help safeguard their balance sheets. Data breach insurance can help by allowing an organization to restore operations and quickly protect its reputation following a breach. Nationwide’s data compromise protection includes:

  • Legal reviews
  • Forensic information technology services to help determine the nature and extent of an electronic breach
  • Personal services for those affected, including helplines, credit monitoring and case managers for victims of identity fraud
  • Services provided by a professional public relations firm to review and respond to the potential impact of the data compromise
  • Legal defense costs

Without access to this protection, the cost of a data breach could be devastating for any business, especially small businesses. In this sense, data breach coverage is an essential tool to protect a company’s value.

2. Avoid the jargon and outline the basics.

Data breach insurance can be unfamiliar to many businesses, especially if they have not previously purchased cyber liability or data breach insurance. With this in mind, it’s important to avoid jargon, acronyms and technical descriptions when discussing data breach insurance. Start with the basics. Ensure your clients have a good handle on the value this coverage provides, and communicate in simple, easy-to-understand terms when discussing coverages and related value-added services.

3. Explain the benefits of data breach insurance.

Beyond risk transfer, data breach insurance provides policyholders with numerous benefits. Specifically, coverage can provide policyholders access to online employee training, cyber risk assessments and tools, breach response services, legal support, and more. Notably, these services empower your clients to take a proactive approach to cybersecurity and can even help them prevent a breach from occurring in the first place.

In particular, when businesses insure with Nationwide, they gain access to our risk management resources, including eRiskHub and Cyber Safety powered by Zeguro. Key features include:

  • An incident response plan roadmap, which provides suggested steps to take following a cyberattack or data breach
  • Online training modules on privacy best practices and red flag rules
  • Risk management tools, including self-assessments and state breach notification laws
  • A resource directory
  • News center with cyber risk stories, security and compliance blogs, security news, risk management events, and helpful industry links
  • Learning center with best practices and white papers written by leading authorities

4. Stay up to date on data breach trends.

For insurance agents, staying current on the latest cybersecurity trends and threat landscape is essential. Doing so allows agents to more easily converse with policyholders about emerging threat vectors that could lead to a data breach. By showing how cyber threats impact a particular business or industry, agents can gain buy-in to have broader conversations about data breach insurance, cyber liability insurance and cybersecurity with their clients.

Protect your clients with data breach liability insurance

With cyberattacks becoming more frequent, there’s a growing chance that the businesses you help insure will suffer a data breach at some point. Businesses need protection to help them offset the devastating effects a breach can have from a financial and reputation standpoint. Nationwide is here to help.

We have the expertise to protect business owners as well as their employees and customers should their data be compromised. We’re standing by 24/7 and offer highly experienced breach remediation teams to solve problems quickly. Most importantly, Nationwide has the financial strength and stability to support cyber claims that come our way. Nationwide is a company built on relationships, and we want the businesses you work with to be protected from today’s rising cyber threats.