How Large Companies Are Dealing With Data Breaches

By Chris Hidalgo

Find out how large corporations like Target, Neiman Marcus and others have recovered from data breach in the past year.

Image taken from the Wall Street Journal Jan. 13, 2014

Large corporations like Target, Neiman Marcus and numerous other retailers have had some form of a data breach in the past year. Even Yahoo Mail recently had a number of their email customer’s usernames and passwords stolen. Yahoo responded by resetting passwords for the accounts that were affected and said the company is working with federal law enforcement as part of its investigation.

But these companies can afford to lose millions of dollars and still have enough money to recover and protect themselves from future occurrences. For instance, Target has at least $100 million of cyber insurance. When it comes to having data breach protection, do you as a consumer or small business owner have the money and resources to pay for this?

Considering the cost of a response for a data breach, you can expect to pay between $10,000 and $100,000 just for a forensics expert to get to the root of the breach and contain it. Experts from multiple disciplines may be needed to mount a coordinated response to even a small incident. You would also need to pay for identity monitoring, identity restoration and notification, most of which are required by law but can vary by state. Not to mention that most traditional GL and E&O policies do not provide coverage for the costs associated with responding to a data breach.

Unfortunately, your business and standard property insurance do not cover your most important information. Even a business interruption insurance policy will not be able to help you if your systems fail because of a malicious employee, computer virus or a hack attack.

In most cases, human error is the root of a data breach. They can vary from emails being sent out to the wrong people to certain information being disclosed by mistake in response to a request. Other examples include lost, stolen or insufficiently disposed-of paperwork, as well as theft or loss of hardware.

According to an article in the Providence Journal, the most troubling part about the Target breach is not the data on the estimated 40 million credit and debit card accounts that were stolen. It is the personal information – personally identifiable information (PII) – on an additional 70 million customers the criminals also got their hands on, including names, mailing addresses, phone mail or email addresses.