Cost of cyber breach insurance

Simple financial protection from data compromise.

Brand Barney, Security Analyst at SecurityMetrics
There are three types of businesses.
  1. Those that have been hacked
  2. Those that don’t know they’ve been hacked
  3. Those about to be hacked
Many organizations don’t think a data breach can happen to them. They believe data thieves are only interested in giant corporations with hundreds of thousands of customers. However, according to Raytheon, 97% of networks will experience a security compromise over any given six-month period.

Regardless of how they’re breached, I guarantee a business doesn’t walk away from their breach without financial suffering and/or brand degradation. A breach impacts your day-to-day operations, it often hits when you least expect it, and it’s extremely inconvenient.

SEE ALSO: How Much Does a Data Breach Cost Your Organization?

We have to face a hard truth: no business is immune to compromise, no matter how small or large. That’s where cyber breach insurances, paired with excellent security practices, can help.

SEE ALSO: 10 Tips to Keep Security In the Budget

What does a data breach cost?

I can’t discuss cyber insurance without laying out just how much a breach could cost. Obviously, the financial examples presented below will change based on your size, how many customer cards were stolen, how hackers got into your organization, if you were willfully aware of your vulnerabilities, etc.

If breached, you may only be liable for a few of these fines . . . or you could be expected to pay even more than I’ve listed. It all depends on the size of your breach.
  • Merchant processor compromise fine: $5,000 – $50,000
  • Card brand compromise fees: $5,000 – $500,000
  • Forensic investigation: $12,000 – $100,000
  • Onsite QSA assessments following the breach: $20,000 – $100,000
  • Free credit monitoring for affected individuals: $10 – $30 per card
  • Card re-issuance penalties: $3 – $10 per card
  • Security updates: $15,000+
  • Lawyer fees: $5,000+
  • Breach notification costs: $1,000+
  • Technology repairs: $2,000+
  • An increase in monthly card processing fees: +
  • Federal/municipal fines: +
  • Legal fines: +
Estimates by SecurityMetrics QSAs

SEE ALSO: 7 Hearty Tips to Avoid Costly Data Breaches

Now that you understand just how important cyber insurance is to the financial stability of your organization, what should you expect to pay for it?

How much is cyber breach insurance?

Depending on how much financial assistance you would like to receive after a breach, your size, your annual revenue, and your industry, cyber insurance premiums can cost from $650 to $120,000 annually.

But you might not need cyber insurance.

When you might not need cyber insurance

Cyber insurance can be awfully expensive, especially for small to medium businesses. Is there any way you can get around it and still be protected in a data breach?
You might not need cyber insurance if you are already protected under your Payment Card Industry Data Security Standard (PCI DSS) vendor. Let me explain.

Most PCI vendors have a limited guarantee on their PCI compliance services. If their services don’t help protect you from a data breach, you may be reimbursed up to $100,000 per Merchant Identification Number (MID). This breach protection is like a lifeboat that will keep you and your crew afloat after your ship starts to sink.
If you are paying a PCI vendor for data security and PCI compliance services and they don’t have a guarantee … do you really trust their products to keep you safe from data breach? Are they really looking out for your best interests?

Looking for a PCI vendor with an award-winning PCI service guarantee? Check this PCI product out.

What can you spend service guarantee finances on?

Most companies offering this protection won’t limit what you can be reimbursed for, as long as it pertains to your breach. Here’s an example list:
  • Forensic investigations
  • Payment Card Industry Data Security Standard (PCI DSS) fines
  • Payment card brand fines
  • Health Insurance Portability and Accountability Act (HIPAA) fines
  • Customer payment card replacement fees
  • Customer notification costs
  • Regulatory fines/penalties
  • Upgraded device for future security
  • Gramm-Leach-Bliley Act (GLBA) fines
  • Post-event consultation

Which is better? Cyber insurance or breach protection?

For extremely large organizations handling large quantities of sensitive data, it makes sense to pay the premium for cyber insurance. But, remember, you might already be protected. For small, medium, and large businesses already fulfilling their PCI DSS requirements, it makes financial sense to make sure your vendor has a PCI services guarantee.

Remember, your security matters.

Brand Barney (CISSP, HCISPP, QSA) is a Security Analyst at SecurityMetrics, has over 10 years of data security experience, and will totally geek out if you mention Doctor Who. Brand loves to play jazz piano and daydreams about being as great as Dave Brubeck or Thelonious Monk. Connect with him on Twitter or check out his other blog posts.