You don't need us to say it: data breaches are bad news for business. There are plenty of studies gauging how much each exposed record costs (e.g., Ponemon Institute's latest study says $173), but quantifying a breach's aftermath can be tricky.
For example, consider the data breach at Indiana-based company Medical Informatics Engineering (MIE). The Journal Gazette reports MIE noticed an unusual surge of network activity on May 26, 2015, and promptly shut done the affected server. That triggered a whole slew of expenses, including the cost of:
- Bringing in cyber crime specialists, a law firm, and a forensics company.
- Complying with state and federal guidelines on how to notify almost 3.1 million consumers.
- Responding to a lawsuit over the breach that seeks class-action status and more than $5 million in damages for failing to stop the breach and notify consumers in a timely manner.
If you follow any news coverage for widespread data breaches, these costs shouldn't be much of a surprise. (Need a refresher? Check out "Target's Cyber Liability Insurance Covered 36% of Its Data Breach Costs. How Much Does Yours Cover?") But what you may not realize is just how many hidden costs accompany a breach.
Let's take a look at some lesser-known data breach costs and see how Cyber Liability Insurance can address these financial strains.
Adding Up the Data Breach Fallout
We know that MIE's breach is racking up bills for investigators, client notification, and the impending lawsuit. But here are a couple additional expenses MIE may be up against:
- Call centers. According to WISHTV.com, the MIE data breach is so extensive that affected medical providers can't keep up with calls from frustrated customers. The report states Franciscan St. Francis Health (one of MIE's clients) had to set up a 24-hour hotline to help answer questions about the breach.
- Identity and credit monitoring services. WISHTV also notes MIE is offering free identify theft and credit protection services for affected parties. Considering how many people were affected by the breach, you can imagine this service isn't cheap for the company.
- HIPAA fines. As you may know, HIPAA requires businesses that handle protected health information to keep sensitive data under lock and key. Because the medical records of an estimated 1.5 million people were exposed in the breach, MIE may be on the hook for regulatory penalties. Read more about how much HIPAA violations can cost a business in "How Tossing Electronics Can Turn into a Professional Liability Lawsuit."
- Lost business. This is perhaps the hardest cost to measure because the long-term effect of lost business may keep snowballing for years after a breach. To shed some light on the matter, consider that the Javelin Research Study "Avoidable Collateral Damage from Corporate Data Breaches" [PDF] found that 33 percent of customers leave after a breach. For healthcare businesses in particular, 30 percent of consumers won't return to a business that had a breach.
You may be wondering how any business can survive this avalanche of costs. In short, Cyber Liability Insurance may be MIE's saving grace. Let's review what this policy can do.
Cyber Liability Insurance to the Rescue
A robust Cyber Liability Insurance policy can help address breach response costs, including…
- Notification expenses.
- Forensic investigation.
- Security repairs.
- Credit-monitoring services.
- PR measures to rebuild a business's reputation.
Some policies may also help pay for regulatory fines, but be sure to talk to your insurance agent about what your policy can and can't cover.
While your Cyber Insurance policy can help pay for good-faith advertising to repair your business's credibility after a breach, there's no guarantee spurned consumers will return. That's why it's a good idea to invest in cyber security from the outset in the hopes you can avoid the data breach spiral altogether. For some starter security tips, check out "Yes, You CAN Prevent Data Breaches."