
What’s worse than a massive data breach? Not reporting it.


Yahoo learned this lesson the hard way. The former Internet giant has been under intense scrutiny for revealing that at least 500 million of its user accounts were stolen back in 2014. It now faces multiple class action lawsuits and its sale to Verizon could be in danger.

These rules don’t apply just to big corporations: any small business that collects customer information also has important obligations to its customers. In fact, 47 states have their own data breach laws.


More than half of U.S. businesses have experienced a cyber-attack in the past year; forty-three percent of hack attacks in 2015 were against small businesses, according to Symantec’s 2016 Internet Security Threat Report.


Here’s what you should do once you’ve learned that your company has been hacked:

1.      Inform customers immediately: Once you know a breach has occurred, by law you are required to inform customers whose data has been compromised. State laws may vary on how quickly you need to get the word out. Generally speaking, the sooner the better: “speed is of the essence,” says Thomas Brown, managing director in charge of the cyber-security and investigations practice at Berkeley Research Group.

2.      Send a written notification: You’ll need to send every customer a written notification that clearly states that a data breach has occurred, when it occurred, and what kind of information was compromised. You’ll also need to say what the company is doing to provide a remedy, and what actions customers can take. Remedies may include directing people to a website or a 1-800 number set up by the company, where they can get additional information. You may also want to supply contact information for the three credit monitoring agencies, Equifax, Experian and TransUnion, which can put fraud alerts on consumer accounts.

3.      File a notice of breach: If you notify more than 500 customers about a breach, many states will also require you to file a notice with your state attorney general’s office.

4.      Implement an ‘incident response’ plan: Have an “incident response” plan in place. It should be updated at least once a year. It should have telephone numbers for attorneys, IT forensic experts, your insurance agent, and vendors who can help with customer outreach. It should also document what your computer network looks like, so you can easily identify the potential vulnerabilities.

5.      Notify local and federal authorities: It’s not a requirement in most instances, but it could be extremely helpful, as the hack attack against your business might be part of a coordinated attack by criminals.

6.      Consider cyber insurance: Policies can be purchased from most major insurance carriers for between $5,000 and $10,000 per $1 million in protection. Policies will generally cover things like legal and forensic fees, expenses related to customer outreach, costs for providing customer credit monitoring, and court costs related to civil litigation and class actions. Many policies come pre-loaded with access to online portals that let you connect immediately with the experts you’ll need following a breach.

7.      Come up with a contingency plan: Data theft can shut down your business for weeks or even months while IT experts work to secure your network again. You’ll need to do serious damage control with your existing customers, and figure out a way to keep sales channels open. Having an incident response plan in place and testing it to ensure it works is key. While most businesses focus on how to avoid falling victim to a data breach, it is just as important to ensure your organization knows how to respond if one were to occur.


Posted 7:16 PM
