You'd think that a behemoth retail chain like Target would have an insurance policy befitting its size, and before the 2013 data breach, its Cyber Insurance limits probably seemed high enough. But the figures for 2014's cleanup costs are in, and it looks like Target's policy only covered a fraction of its data breach expenses.
Here is a rundown of Target's expenses, courtesy of a report by Advisen:
- 2013: $61 million total; insurance covered $44 million.
- 2014: $191 million total; insurance covered $46 million.
- Total data breach expenses so far: $252 million.
- Total covered by insurance so far: $90 million.
- Total Target paid out of pocket: $162 million.
Though $90 million seems like a lot of coverage, it's not much of a salve when faced with a $162 million hit to Target's bottom line. Plus, the data breach costs are still rolling in, so $252 million isn't the final count.
What's driving these costs? You may have heard that several banks are suing Target over the cost of replacing customer credit cards, but that's just the start of Target's money hemorrhage. Other costs stem from:
- Investigating the breach.
- Repairing security weaknesses.
- Complying with breach notification requirements.
- Offering credit-monitoring services for breached customers.
- Hiring a legal defense team to respond to lawsuits.
- Curbing reputational damage through PR measures and advertising.
Target's Cyber Insurance can help cover these costs, but the policy's limits aren't high enough to bear the majority of the costs. The good news is that Target's misfortune can be a learning opportunity for your business. Let's take a look at some ways you can ensure your Cyber Liability Insurance policy's limits are appropriate for your risk.
Choosing Adequate Insurance Limits: How High Is Too High?
As we discussed in the post "Anthem's Data Breach Reminds Us Why Insurance Coverage Limits Matter," your best bet for getting adequate insurance coverage is to work with an insurance agent. And that's not our bias talking. An experienced insurance agent can help you…
- Understand your risks. Evaluating your exposures is best left to the pros unless you have a preternatural knack for data breach risk analysis. Even then, it never hurts to have an objective party weigh in. At insureon, our agents are trained by the industry, which gives them firsthand insight into your field's most pressing risks.
- Match policies to your risks. Once your agent has assessed your risks, they find insurance policies designed to address those exposures. For data breach protection, your agent may point you toward one of two Cyber Risk Insurance policies: first-party response or third-party defense coverage. First-party response handles data breach notification costs, security repair expenses, and reputational damage costs. Third-party defense coverage can address lawsuits related to the breach if you were responsible for building the security infrastructure that was compromised.
- Find adequate insurance limits. If you choose limits that are too high, you'll probably pay an arm and a leg for coverage you don't necessarily need. Choose limits that are too low, and you'll be in Target's situation: uninsured at a time when you need coverage most. Good thing your agent is an insurance whisperer and can help you pick limits that appropriately address your level of risk.
- Take advantage of money-saving options. For example, if you qualify for a Business Owner's Policy, your agent may recommend adding Cyber Liability Insurance to your bundle. That way, you can reduce your insurance spending and still get adequate data breach protection. Read more about that here: "Want Data Breach Insurance? Try Putting it in Your BOP."
To learn more about how agents are the bee's knees when it comes to all things insurance, read the post "How an Insurance Agent Can Help Small Business Cut Insurance Costs."