Cyber coverage: Four real-life stories of business recovery

Posted in Business

When a data breach occurs, the damage it can cause to your business can be debilitating. In fact, among companies hit by a data breach, 76% say it’s just as disruptive if not worse than a natural disaster or fire.1

But many small and medium-sized businesses either remain unaware of cyber coverage altogether2 or consider it an unnecessary investment.

So, how does cyber coverage help keep your business up and running in case of a data breach? In a previous article, we explained the difference between a data breach, third-party data loss and ransomware or extortion, and how cyber coverage can help keep your business afloat.

Still not sure if your business needs cyber coverage? For a better idea of how cyber coverage can help, check out these real-life examples of how Grange’s partner and industry leader, IDT911, was able to help businesses recover.

The wrong kind of credit card slip

A small online merchant was in the process of transferring its data and redesigned website to a new host when the old website was hacked. The bad guys gained access to nearly 30,000 credit card numbers dating back nearly five years. Even though it’s illegal to hold on to these numbers so long after the transaction, the merchant still needed to inform its customers of the breach. IDT911 suggested that the merchant filter out all the card numbers that were still active, which reduced the affected group to 12,000. Then IDT911 worked with the merchant’s legal counsel to determine if it was worth informing the group (it was), provided a notification letter and FAQ template, and access to the IDT911 Fraud Resolution Center where customers could get advice on further protecting themselves. IDT911 also helped the merchant prepare for litigation against the host who caused the breach in the first place. – IDT911


Leased photocopier leads to breach

A news organization bought a photocopier that had once been leased to an insurance company. The media group’s investigative reporter discovered that the copier’s internal hard drive still contained all the information that had been copied by the insurer. The journalist contacted the insurer because it was planning a news segment about the data risks copiers pose to protecting sensitive personal information. IDT911 worked with the insurance client to determine what information had been leaked and provide a notification letter template. It referred the client to a special PR firm to handle the on-camera interview for the news segment. The resulting televised story was very respectful, did not single out or attack the client, and regulators decided not to take action based on the facts presented. – IDT911


Data falls off truck

An insurance company hired a third-party security transporter to relocate several hundred tapes of backup data. Two tapes were unaccounted for at the new location. A truck surveillance video showed that the two tapes had fallen off the back of the truck during the loading process. The client called IDT911 to help assess the breach, and discovered that all of the information pertained to former clients. Since the information did not relate to current policyholders, IDT911 recommended low-cost monitoring that also protected the insurance company’s liability. – IDT911


IT oversight leads to breach

When a sheriff’s department updated its databases, critical information was placed on a standard, non-secure server. The personal information of more than 200,000 officers, prisoners and informants was exposed for eight months due to an IT oversight—until someone voiced concern about the personal data appearing on search engines. The sheriff’s department contacted IDT911 to determine whether it should consider fraud remediation. IDT911’s team took into account several factors, including the large number of individuals exposed and whether the department could be sued. The department decided to respond to specific safety concerns rather than launch a consumer-based protection campaign. Monitoring and fraud resolution were determined impractical. – IDT911


Cyber coverage is rapidly evolving and determining your risk and needs is essential. The best way to find what fits your business is to speak with an independent agent. Your agent will review your business exposure, different coverage options and make the best policy recommendation for you.

1 – Ponemon Institute 2016 Cost of Data Breach Study: United States
2 – Software Advice, Should SMBs Invest in Cyber Insurance, IndustryView 2015

Please contact a local independent Grange agent for complete details on coverages and discounts. If the policy coverage descriptions in this article conflict with the language in the policy, the language in the policy applies.


Related resources