Data Breach Risk Management 101
In late 2013, Target, the large American retailer, was the victim of a massive data breach that affected as many as 110 million customers. Cyber attackers installed malicious software on point-of-sale devices at Target stores and were able to steal the financial information of 40 million customers and the personal information of 70 million.
From lawsuits and fines to the costs of offering free credit monitoring and hiring a computer forensics investigator, this data breach is massive not only in terms of how many customers it’s affected, but also in terms of how much of a financial hit Target will take. Target’s cyber insurance policy will cover some of the monetary damages of the data breach, but the damage to its reputation and customer loyalty will not be easy to recover.
No business is immune to a data breach—not even a large retailers like Target. But your business can survive a data breach if you are prepared to handle it and if you have the proper cyber liability coverage to help you successfully respond to it.
Be Prepared With a Data Breach Response Policy
Target experienced a decrease in sales immediately following customer notification of the data breach. Customers didn’t feel safe shopping there with a debit or credit card, and many customers’ potentially compromised cards were cancelled by banks. Target tried to remedy this by offering a discount and free credit monitoring, but it may have been too late for some customers.
A data breach can directly affect your relationship with your customers or clients. They may not feel safe doing business with you anymore, and you must be prepared to prevent that.
One way to proactively protect your business is to create a data breach response policy—it will serve as your roadmap during a data breach. It will help employees work together to minimize the damage your business could suffer, and also ensure that your customers get consistent responses. Your data breach policy should address:
- What to do when you first learn of the breach
- What information to include in your risk assessment
- Whether notification is required, and who must be notified
- Developing a plan to control risks
To learn more about developing a data breach response plan, data breach and cyber attack risk management and or cyber & data breach insurance connect with an ALIGNED Insurance advocate today at www.alignedinsurance.com