Professional practices often store confidential information that cybercriminals would love to access
Data breaches make headlines all the time. Yet, professional practices may be particularly ripe targets because they often store highly sensitive client information on internal servers and online databases.
The costs of cleaning up after a breach aren’t low. In 2014, U.S. companies spent an average $201 per record compromised, according to a study by Ponemon Institute.1 But those costs can run far higher at firms in highly regulated and lawsuit-prone industries like healthcare and accounting.
To protect against these financial risks, a practice may want to consider getting cyber insurance.
Types of Coverage
There are two main types of cyber coverage that most firms may want to have: “first-party” and “third-party.” First-party insurance helps pay for the direct costs, such as investigating the breach’s cause; notifying and providing credit monitoring services to clients; and dealing with business interruption and any harm to the practice’s professional reputation. Third-party coverage pays costs suffered by others, such as lawsuits or regulatory fines stemming from the breach.
Policies are customized to a company’s needs and risks, as are premiums and payouts. Cyber policies will generally cover a maximum of $10 million to $25 million in claims. Because each policy is unique, it’s vital to talk with an experienced insurance advisor who specializes in cyber insurance and can shop for policies among different insurers.
What to Consider
Here are a few things to consider before purchasing a cyber policy:
- What are your cyber liability risks? Companies should understand the key risks stemming from their data storage. For example, some practices may keep clients’ trade secrets, customer lists, marketing plans and intellectual property documents.
- Do your employees work remotely? Some of your employees may occasionally work from home (or a local coffee shop, for that matter), where the computer they use may not have the data-security protocols of their office computer. Certain policies may not cover a cyber attack on computers outside the office.
- Do outside vendors and consultants access your data? Some policies may not cover a cyber attack targeted at an outside vendor, even if it compromises your data.
- Do you understand all the terms? The language and exclusions differ from policy to policy. For example, it’s important to know what terms like “confidential information” and “personally identifiable information” mean to your insurer.
It’s important to have an experienced guide help you find a cyber policy that meets your needs. So, ask a professional to assess your practice’s risks and compare policies and terms across a broad range of insurers.
1Ponemon Institute, 2014 Cost of Data Breach Study: United States, May 2014.
