Probably less than you think.
Three in four U.S. companies don't have Cyber Risk or Network Security insurance, according to a study by Towers Watson & Co. What's more, many small and midsized businesses that do carry these policies have left themselves vulnerable to costly losses by failing to develop proactive data security and crisis response plans.
A data security plan begins with the human element. Training employees - particularly those who regularly deal with proprietary information in-house or stored on portable electronic devices - offers a cost-effective approach. A study by NetDiligence found that more than one in four liability data breach claims were due to lost equipment and other staff errors.
To help keep confidential information safe, managers should:
- Identify those employees who could create the largest exposures for the company in case of lost or misplaced data and make sure that they're diligent in protecting this data.
- Make compliance with data security procedures a part of worker performance review.
If you should suffer a data security breach, you'll need a crisis response plan, with responsibilities assigned ahead of time. The risk management and legal departments will deal with coverage-related issues such as cross-policy response and claims processing, while IT managers and auditors investigate the source and extent of the breach. Planning should also include guidelines for contacting law enforcement, and forensic investigators, as well as communicating with providers and business partners to address continuity issues.
The plan should designate personnel to handle media inquiries and public statements, interact with providers, and notify affected customers, using dedicated and updated contact lists.
We can help you create comprehensive, cost-effective protection for your confidential information by combining insurance coverage with risk management techniques.