More firms buying insurance for data breaches

February 17, 2014

Deirdre Fernandes

Companies seek added protection

The threat of cyber hacking, underscored by the credit card breach at Target, is now so great that US businesses are rushing to buy insurance coverage against the expense of being hacked, or losing sensitive customer information.

One in three companies now has insurance to specifically protect against such losses. Last year, cyber insurance polices sold to retailers, hospitals, banks, and other businesses jumped 20 percent, according to Marsh LLC, a New York insurance brokerage firm that tracks the market.

Ultimately, the costs of these policies are picked up by consumers.

A decade since it was first introduced, cyber insurance has graduated from a splurge to a necessity propelled by a series of high-profile data breaches that have cost companies many millions of dollars.

South Shore Hospital purchased its first cyber insurance policy shortly after a data breach put the names, Social Security numbers, and health histories of its 800,000 patients at risk in 2010. The policy didn’t cover South Shore’s costs in that incident — including a $750,000 state settlement for privacy violations — but the Weymouth hospital’s executives decided they needed to be better prepared for the next one.

“Who would have thought about cyber insurance?” said Sarah Darcy, a spokeswoman for the hospital. “It’s such a new coverage to have to have.”

Target’s disclosure recently that hackers had stolen the debit and credit cards of 40 million customers and the PIN numbers, e-mails, and addresses of 70 million people has prompted even greater interest in cyber insurance, industry specialists said. These policies cover the costs of a data loss, from hiring investigators to find the source of the breach to providing credit monitoring for customers to enlisting public relations experts to help salvage the company’s reputation.

The Boston insurer Liberty Mutual, which has been selling primary policies for data breaches since 2011, said the Target data theft prompted executives who were debating whether to buy coverage to make the commitment and sign policies, said Oliver Brew, vice president of privacy and technology underwriting.

Liberty Mutual’s sales of these policies have jumped 30 percent from last year.

“It’s a huge growth potential,” Brew said of the cyber insurance market. “It’s an emerging risk.”