Schnuck Markets Inc confirmed last month that it had been hacked and was investigating a breach that led to customer credit and debit cards being fraudulently charged.
Experts say that the number of compromised cards is likely in the tens of thousands. This means that if 10,000 cards have been compromised and based upon the Ponemon Institute’s 2011 Cost (per customer) of a data breach being $194, Schnucks could already be $1,940,000 in the red due to this data breach.
What if Schnucks had a Cyber/Data Breach insurance policy? We’re going to explain just how having a cyber/data breach insurance policy may have helped Schnucks respond to its data breach.
Informing Customers of a Data Breach in a Reasonably Timely Manner is Key to Minimizing Brand and Reputation Damage and Revenue Loss
When a data breach happens, reputation to an organization’s brand can suffer great damage and it can also be damaged by how an organization responds and handles its data breach.
According to news articles, Schnucks did not immediately report its recent data breach. Two weeks after the breach was discovered, Schnucks released a statement saying it had “found and contained” the breach. Loyal Schnucks shoppers said they’d migrate to competitors after learning of the breach and were annoyed that Schnucks took two weeks to notify customers of the breach. Many customers have become victims of fraudulent charges due to the Schnucks data breach. Needless to say, this breach could end up costing Schnucks several million dollars in lost business, as well as fines, customer notification letters, credit monitoring services and investigation costs. This does not even account for the possibility that Schnucks could be faced with a class action suit by breach victims, especially since they have proof of financial harm due to fraudulent credit and debit card charges.
Having a cyber/data breach insurance policy could have helped Schnucks send out notification letters to its customers notifying them of the data breach and also offering them one year of credit and/or identity theft monitoring services. Besides covering those losses, Schnucks also would have a “Data Breach Coach” (a.k.a “Privacy Attorney”) to help oversee the investigation and breach response as well as a Computer Forensics Investigator to investigate the existence and cause of the security breach, and attempt to determine the extent to which such information may have been improperly accessed. These costs can quickly add up into hundreds of thousands of dollars, which is why having a cyber/data breach insurance policy is becoming a necessity for organizations today in helping mitigate residual data breach response costs when a breach occurs.
If Schnucks was faced with a lawsuit due to the data breach, their cyber/data breach insurance policy would also help pay legal defense costs and potential customer settlement costs.
Some other coverage’s that Schnucks could have, depending on its policy as it’s important to note that cyber/data breach insurance policies come in many forms and variations:
– Crisis management help – this would allow for Schnucks to hire a public relations firm to help manage its reputation and
– Coverage available for PCI fines/penalties (subject to a policy sublimit).
While there are other coverage’s available such as, “Business Interruption”, “Cyber Extortion” and “Hacker Damage Costs”… in Schnucks case these coverage’s do not seem applicable based upon news reports of their data breach.
“Cyber Crime” insurance while not discussed above, could also have helped Schnucks with fraudulent funds transfer expense reimbursement, to help offset the fraudulent credit and debit card charges incurred by its customers.
The threat of data theft has been anything but decreasing, and it’s no surprise any longer when we read the daily headlines reporting on the recent cyber attacks and/or data breaches. However, this does not mean that organizations are given a break when they become the next victim. Organizations must quickly respond and most importantly make sure that their customers are notified when their sensitive information has been exposed so that they can be forewarned and on the lookout for any suspicious new charges on their credit/debit cards and other financial accounts. After all, that is why a quick response is required. Cyber/data breach insurance can help breached organizations quickly respond to its data breach and has a team of professionals waiting and ready to assist.
CYBER DATA RISK MANAGERS LLC is an Independent Insurance Agency specializing in Cyber Security and Data Breach response insurance. We offer solutions that help you quickly respond to cyber events and data breaches as well as to plan in advance for their occurrence. Given the ever changing nature of information assurance and compliance, you don’t want to be caught unprepared.
For assistance with your customized insurance proposal, call 1-(855) CUT-RISK Toll Free -or- complete the form below.