by Aneeta Kumar –
Data breaches of business systems. Theft of consumer debit and credit card information. Hacked iPhone photos. Improper disclosure of personal information. According to a September 24, 2014 report on Marketwatch.com, 43% of companies reported suffering one data breach in the past year, and 60% reported multiple breaches in the past two years. Cyber-attacks are becoming more and more pervasive and any organization, big or small, is a potential target.
Addressing cyber-attacks can be expensive. Depending on the nature and scope of the breach, a business may need to comply with legal notification requirements, pay for credit monitoring or counseling, or respond to governmental or regulatory investigations. It may need to hire experts and consultants to determine the method of breach and to fix problems in network security systems. If operations must stop while this occurs, business interruption losses may result. The business also may incur legal fees and costs to defend against lawsuits related to the breach.
Target Corp. announced last December that hackers stole millions of customer credit and debit card records, and the retailer reported $148 million in costs tied to the breach in its second fiscal quarter this year. Last month, Home Depot reported a breach of the payment systems in its US and Canada stores, with preliminary cost estimates related to the breach totaling $62 million so far. The breaches at large companies make headlines, but, as reported in a July 4, 2014 story in the LA Times, for every high profile incident, there are dozens of threats to small business, like Silversage Advisors in Irvine and Rosenthal Wine Bar & Patio in Malibu.
Insurance can help to mitigate some of these costs. Coverage may be available under a specialty cyber-risk insurance policy or in other insurance policies like general liability policies, property insurance policies, excess or umbrella policies, business interruption policies, E&O policies, D&O policies, crime insurance policies or bonds, and business-owner package policies that may contain a combination of the previously mentioned types of coverages.
After a cyber-attack, carefully review existing insurance programs to ascertain what coverages may be available to respond. Determining which policies may or may not apply is not always easy, and it may be wise to consult legal counsel and your broker. Also consider being proactive before an attack occurs. Review the policies in your insurance program and try to enhance existing coverages, identify if there are any potential gaps in coverage, and evaluate how to fill them.
Vigilant attention to an organization’s insurance program may help secure possible insurance benefits that can help to offset the costs that may result from a cyber-attack.
Aneeta Kumar is an attorney and partner in Kumar & Gerchick. Her practice focuses on assisting policyholders in obtaining maximum recovery from their insurance carriers for claims and losses, litigation expenses, settlements and judgments. Aneeta also serves on NAWBO-OC’s Board of Directors as Vice President of Community Relations.