In our last issue of Lifelines, we took a look at how LIUNA District Councils, Local Unions, health and welfare funds and signatory contractors can take steps to protect themselves from cyber attacks. This month, we examine whether your organization should consider adding cyberliability insurance in the event a data breach does occur.

Impact of a Data Breach

Data breaches expose personally identifiable information (PII) and protected health information such as Social Security numbers or medical records. This information is commonly used in identify theft schemes and other fraud-related crimes.

Virtually all organizations and employers have PII or protected data that must be secured. For example, some federal and state laws now require employers to keep copies of employee medical records on file.

Cyberliability insurance policies help cover the variety of expenses that can result from a data breach. For example, federal and state privacy and security laws increasingly require organizations to:

  1. Notify people who are affected by a data breach, usually by mail
  2. Offer credit monitoring to those affected
  3. Offer identity protection services to those affected

The costs associated with these requirements can quickly add up, and that’s just the administrative costs. Health plans, including multiemployer health and retirement plans, are subject to Health Insurance Portability and Accountability Act (HIPAA) requirements that could trigger other costs. These include fines, penalties and even legal claims brought by states on behalf of affected residents. Lastly, there are also the financial losses related to the data breach itself.

Policies usually provide for experienced attorneys, experts to track down the source of the breach and public relations professionals. The cost of cyberliability insurance has decreased in recent years, with an average policy running a few thousand dollars.

If you’re considering cyberliability insurance for your organization, contact your insurance broker or legal counsel for help in finding the right policy. Answering these questions will help determine the scope and cost of coverage.

  1. How many records will the policy cover?
  2. Do you already have policies in place to protect sensitive information?
  3. Do you have a plan in the event a data breach does occur?
  4. How stringent are your cybersecurity practices? For example, do you use encryption software, antivirus programs and/or mandatory password protection?
  5. Have you had a data breach in the last two years?

Though cyberliability insurance can’t bring your data back, it can help defray the administrative, technological and legal costs associated with a breach. As security laws become more numerous and complex, those potential costs continue to rise.

[Nick Fox]