Data breaches caused by hackers or other forces outside the control of a business are a scary, and expensive, proposition for any organization that collects or retains personally identifiable information, or warehouses credit or financial information. According to a recent study by Symantec, an average data breach will cost an organization $5.5 million, including direct costs such as engaging forensic experts, outsourcing hotline support and providing free credit monitoring subscriptions, discounts for future products and services, and indirect costs such as in-house investigations and communication. These costs are in addition to the costs of potential litigation (often in the form of a class action) by customers alleging that the company failed to take adequate measures to protect their data, and investigations by government agencies, such as the Federal Trade Commission, that frequently become involved when breaches affect a large number of consumers.
Like any potentially catastrophic problem, insurance can be at least a partial solution. A new article in The Corporate Counselor examines insurance coverage for data breaches. In-house counsel may be surprised to learn that coverage for data breaches is not limited to specialty policies, and can often be found under standard CGL or property insurance policies. Any time a potential data breach occurs, it is essential for an insured to consider all forms of insurance that it carries and to provide prompt notice to its insurer(s) of any policy that even potentially could apply.