When Your Data Goes Viral: Insurance for Data Breaches

A data breach typically involves the unauthorized release or access of personal or confidential information. Personal information includes names, addresses, Social Security numbers, financial information, or health information. In addition to personal information, a data breach can also jeopardize a company's confidential information such as client records, trade secrets, privileged legal information, or employee records. Although many associate data breaches with hackers or cyberattacks, human error, such as a mistake in computer coding or losing a company laptop, also have resulted in significant breaches. A 2014 study concluded that 44% of data breaches were from malicious or criminal attacks against an organization, but 31% resulted from employee negligence and 25% resulted from system glitches. And at press time,'a new'Sony data breach, allegedly carried out by the North Koreans,'was all over the media, with informaton still to come.

The losses associated with data breaches are significant. The total average cost from breaches in 2014 was $5.9 million, with each lost or stolen record estimated to cost an organization $201. See Ponemon Inst., LLC, 2014 Cost of Data Breach Study: United States 17 (2014), http://ibm.co/1yek7Mt. In addition to lost profits, companies involved in a breach face reputational harm and may face physical damage to their technology systems, software, or hardware. They also incur the cost of remediating the harm to individuals or organizations whose information was disclosed, providing them with notice of the breach, a call center for information, credit monitoring, and identity fraud recovery services. Victims of a data breach also may incur costs retaining specialized breach response firms to help identify and repair the cause of the breach, and public relations agencies to restore their image. Additionally, they may face the costs associated with lawsuits over the breach, and administrative actions against them.