Just when we thought we had seen the worst of the data breach incidents, we hear yet another story about a company hit by an even larger one. From Sony to Target and, most recently, to Home Depot, it appears that each year is being hailed as the new “Year of the breach.” Here in California, we seem particularly vulnerable: the number of reported data breaches in California jumped 28 percent last year, as summarized in a report issued last week by the state attorney general. According to the report, the number of Californians whose personal information was breached skyrocketed by a staggering 600 percent to 18.5 million in 2013, up from 2.5 million in 2012.
In this digital environment, where more personal information, not less, is expected to be shared online, have we finally reached a point where companies can no longer treat cyberinsurance as optional and should instead consider it a “must have” policy, along with property, general liability (GL), workers’ compensation, and the other “staple” policies that all responsible companies own? For companies in the retail, financial and health care sectors, cyberinsurance is already a part of the overall risk management discussion, but all companies, big and small, should now consider some form of cyberinsurance to minimize their future risk exposure.
“Cyberinsurance” is a generic term for a variety of insurance designed to provide both first-party loss and third-party liability coverage for such things as data breach events, privacy violations and cyberattacks. Insurance carriers that provide cyberinsurance have their own policy documents and provisions, and they market these products under names such as “Digital Technology & Professional Liability,” “NetProtect 360,” “Privacy and Network Liability,” and others. Although the product names differ and the scope and breadth of coverage vary among carriers, this class of insurance policies is designed to shift some of the risk for the costs of responding to, investigating, defending against, and mitigating the consequences of a data breach event, cyberattack, or privacy violation.