American consumers might be excused for the love-hate relationship they have with the businesses that gather and collect personal information about them.
On one hand, consumers enjoy the benefits of targeted marketing that is enabled by data collection on their shopping and buying habits but, on the other hand, they have almost no faith and confidence that businesses will protect their personal data and prevent it from falling into the hands of a cyberattacker.
Every new story about data loss in a cyberattack, including, for example, Home Depot’s announcement that hackers had purloined the credit card information of more than 56 million of its customers, further erodes what little trust consumers still have in businesses.
An ironic aspect of this situation is that consumers generally take few of their own precautions to protect their personal information. They rely on businesses to protect that information and hold businesses accountable when that protection fails.
Businesses can recover some degree of consumer trust after a data breach by following a five-step approach:
- Apologize and accept responsibility for the data breach;
- Neutralize the damage by reimbursing consumers for losses;
- Prevent further data breaches;
- Rebuild with sales, discounts, and other promotions to bring consumers back to the business; and
- Reward consumers for their loyalty.
Target followed this approach after it was hit with a data breach in 2013 that resulted in a loss of more than 40 million customer records. Shortly after regaining control of its systems, the company published a full-page apology in several newspapers and implemented new data security procedures. The company also reimbursed more than $10 million of customer losses and settled litigation for $39 million.
The long-term effects of the breach on Target’s health remain to be seen. Large companies like Target are fortunate to have ample resources to respond to the data breach quickly and to reimburse customers and settle lawsuits. Small and midsize companies, and even several large companies may not be so fortunate, particularly if the costs of data breaches grow.
A 2016 IBM study suggested that the average cost of a data breach rose to $4m, and that every company, regardless of size, has a one-in-four chance of being the victim of a data theft loss. In view of the increasing cost and likelihood of a data theft loss, companies need to have a viable plan to meet the second of the five steps as they recover their customers’ trust and confidence, namely, they need a source of reimbursement to cover customer losses.
Cyber insurance companies are the best source for that reimbursement. When a data breach happens, the victimized company will devote the bulk of its initial efforts to closing the breach and preventing further damage. Management can get distracted from that task if it is simultaneously focusing on marshaling the necessary finances to cover any potential reimbursements. Many small and mid-size businesses will not have the spare cash to handle those reimbursements, further adding to the stress of a data breach.
Cyber liability insurance is available for all size companies to compensate for direct losses to servers and data storage devices that are affected by the breach. More critically, that insurance can cover a substantial portion of a company’s reimbursement obligations to help the company recover its customers’ trust and confidence as quickly as is possible. Lastly, cyber insurance companies can work with their clients to erect new barriers against further data breaches and to implement programs that keep the companies afloat following a data breach.
Customer confidence is the lifeblood of any business, and cyber liability insurance can protect that lifeblood and keep the company alive after a data breach disaster.