Blog Post  Cybersecurity Insurance

10/24/2018
  • Office of Consumer Affairs and Business Regulation

A data breach can have a long-term impact on a company. Aside from any financial losses, companies often need to rebuild consumer trust and confidence after falling victim to a cyber-attack. Because of this, many businesses, both large and small, are rethinking their security practices and risk management strategies and looking toward measures such as cybersecurity insurance to help reduce the risk of a security breach and any related impacts.

What is cybersecurity insurance?

The Department of Homeland Security describes cybersecurity insurance as a measure designed to mitigate losses from cyber incidents such as data breaches, business interruption and network damage. It is sometimes referred to as “cyber liability” or “data-breach liability insurance,” and is a type of standalone coverage.

It’s important to remember that in Massachusetts, any business that owns or licenses personal information about a resident of the Commonwealth must develop, implement, and maintain a comprehensive written information security program (WISP). A WISP should take into account the business size, the nature of the business, the amount of resources the business has, the type of records it maintains, and the need for security. Therefore, it’s critical to understand that cybersecurity insurance is not a substitute for managing your company’s cyber risk, but rather an optional layer of defense.

What does cybersecurity insurance cover?

In the same way that no two health insurance or auto insurance plans are the same, coverage available through cybersecurity insurance can vary from provider to provider.

However, cyber insurance typically helps the insured with:

  • Legal fees and expenses
  • Consumer notifications and costs associated with credit monitoring or other offerings to help protect customers
  • Repairing systems and recovering data

It’s important that businesses work with brokers and lawyers who specialize in cyber insurance policies. Industry experts recommend:

  • Reviewing potential cyber risks and working with providers to tailor the policy to your needs. Similar to developing a WISP, the size of a company, number of customers and what type of data is collected all need to be taken into consideration.
  • Understanding what is and is not covered in the event of a security breach.
  • Discussing plans for recovering from a cyber-attack.

For more information on cybersecurity, visit the Department of Homeland Security’s website.

Information regarding data privacy and cybersecurity can also be found on our website and the Division of Banks’ website (for financial institutions).

  • Office of Consumer Affairs and Business Regulation 

    The Office of Consumer Affairs and Business Regulation protects and empowers consumers through advocacy and education, and ensures a fair playing field for the Massachusetts businesses its agencies regulate.