Insurance agencies are exposed to a significant amount of confidential data in the day to day operations of their agencies. Most insurance agencies have a privacy policy whereby they agree to maintain the information provided by a client confidential and only to use it for the purposes of obtaining insurance policies on behalf of their clients. Insurance agencies have a responsibility for keeping such information confidential and for developing policies and procedures to ensure the safety of such private and confidential information.
In addition to the general responsibility of maintaining the privacy of client information, most states have specific laws requiring the breaching party to notify all parties affected and also to offer such additional services such as credit monitoring and credit restoration. Many general liability or E&O policies have minimal provisions for third party claims, however, very few have provisions for the first party hard costs that have to be incurred by an offending party. These exposures are typically covered in a separate cyber risk or privacy policy. Highlighted below are some of the more common first party costs typically covered with such policies.
1. Forensic Costs- These are the costs incurred to accountants, computer technicians and attorneys for identifying the extent of the problem, specific clients affected and a strategy for notification. These costs can easily run in the $100,000 range for even a small breach.
2. Notification Costs- These are the costs associated with notifying all parties affected by a security breach. Costs for notification can cost anywhere from $3.00 to $9.00 a record or more.
3. Credit Monitoring- Most states require that if readily identifiable private information such as social security numbers, birthdates or other similar information is disclosed that such parties have to be offered credit monitoring services for up to one year. The cost of this can cost from $9.00 to $25.00 per record.
4. Marketing costs – A data breach can harm the reputation of a company and cause irreparable harm. Companies may have to incur costs to repair the image of a company and avoid a mass exodus of clients. Depending upon the size of the company, this can cost from as little as $25,000 to millions.
5. Data recovery- A breach can be caused accidentally by disclosing information or as a result of a malicious attack. Companies incur costs to rebuild data and restore systems to their pre breach status.
The above are just some of the first party costs that a company can incur and could be covered under a properly structured cyber or privacy policy. Please feel free to contact one of our licenses professionals to assess your needs.