Cyber Liability and Data Breach Insurance Issues

You deal with a lot of issues as head of a $30 million local retail chain. This time the credit card company called to inform you that they had identified 50,000 credit cards that were used legitimately at your business and later compromised. That’s 50,000 of your customers.

Hackers were suspected to have penetrated the point of sale system. The Payment Card Industry Agreement required you to hire a certified forensic investigator to examine the systems and related infrastructure. And costs piled up as you notified the 50,000 customers and paid for credit monitoring on their accounts. Beyond that, the news hurt your business and your reputation. Customers were angry, and some got together and filed a class-action lawsuit. Legal fees just continued to mount. 

According to the NetDiligence® Data Breach Cost Calculator*, the estimated costs for this event for the retailer could be: an average event of this type could drive the average costs up to $5,900,000** for a business.

Risk Management Tips:

  • Maintain and frequently review compliance obligations under the Payment Card Industry (PCI) Agreement.
  • Consider implementing end-to-end encryption of credit card transactions.
  • Employ a chief information security officer (CISO) to develop and implement your business-wide data privacy procedures.

*The NetDiligence® Data Breach Cost Calculator and other tools are available to insureds on the Travelers’ eRisk Hub®.
**Ponemon 2015 Cost of Data Breach Study, NetDiligence Cyber Claims Study 2014
eRisk Hub is a registered trademark of NetDiligence.
Coverage for all claims and losses depends on actual policy provisions. Availability of coverage depends on underwriting qualifications and state regulations.

January 16, 2017
by John Connor
Business Advisor