top of page

More Businesses Expected to Insure Against Data Breaches, Cyber Crimes

Now that the Security and Exchange Commission requires public companies to disclose the costs of cyber attacks and a national data breach notification law is in the works it is expected that more companies will be purchasing insurance policies to protect against data breaches and cyber crimes. According to the Ponemon Institute the average cost of a data breach in 2010 was $7.2 million and Sony estimates that the breaches they suffered in 2011 will cost $200 million, so buying a policy to insure against hacks and breaches seems like it may be a worthwhile investment. However, according to a recent survey only one in three companies have a cyber insurance policy, although this is expected to increase over the coming year.

A cyber insurance policy can cover costs related to notifications, credit monitoring for victims, intellectual property theft as well as legal and investigation expenses, whereas the policies most businesses have cover only tangible losses and do not provide protection against data breaches or the like. Both the costs and frequency of data breaches have greatly increased in recent years which should encourage more companies to buy a cyber insurance policy.

Estimates value the cyber insurance market at $750 million, but an insurance industry expert expects this to grow by 50 percent in the next year to year-and-a-half. The main reason for this increase in insuring against cyber crimes is new guidance issued by the S.E.C. last October. Now public companies will be required to disclose cyber attacks and their associated costs to their shareholders when these costs are “material,” and the S.E.C. guidance specifically calls for a description of relevant insurance coverage. Having an insurance policy to cover against data breaches and other cyber attacks helps companies both quantify costs from such an incidence while also limiting their financial liability and exposure.


bottom of page