Data Breach Strategies
As previously stated, cyber liability insurance is only one facet of a cyber risk management program. Below are some tips on how to get started on yours.
Develop Strategies to Prevent a Data Breach
Your data breach prevention strategies may include encrypting all devices used by your employees, such as laptops, tablets and smartphones. Encrypting will prevent unauthorized access if lost or stolen. Unencrypted devices often are not covered by a cyber liability policy, so make sure you know whether you need to encrypt. Your strategies may also include educating employees about phishing and pharming scams. Remind them not to click on anything that looks suspicious or seems too good to be true.
Analyze your cyber risks from three different perspectives: technology, people, and processes. This risk assessment will give you a clear picture of potential holes in your security. Revisit and revise your plan regularly as new risks arise often.
Know Your Disclosure Responsibilities
In the event of a data breach, you may be legally required to notify certain people. The National Conference of State Legislatures has published a list of security breach notification laws for each state. If your company is publicly traded, the Securities and Exchange Commission (SEC) requires you to report cyber security incidents to stockholders. Reference their cybersecurity guidelines.
Crisis Management and Response Plan
Preparedness is key when developing your cyber risk management program. When you experience a data breach, you need to be prepared to respond quickly and appropriately. Determine when and how the breach occurred, what information was obtained, and how many individuals were affected. Then assess the risks because of the data breach and how you will mitigate those risks.
While managing a crisis, let your clients know what actions you are taking, but be sure you’re not disclosing too much information. It’s a delicate balance. Focus on improving future actions—this will restore trust in your stakeholders and clients.
Your in-house lawyers, risk managers, and IT department should work together to create and refine your plan. Everyone should know their responsibilities when a breach happens.
Protect Your Data—and Your Business
Your cyber risk management program should include cyber liability insurance coverage that fits the needs of your business. Data breach insurance is designed to address the risks that other types of business liability coverage simply will not cover. It can be tailored to fit your unique situation and include the costs of disclosure after a data breach.