Only a few months before they were hit with a crippling malware attack in early 2013, Dead River Company, a Maine-based fuel oil and propane provider, enrolled in a cyber insurance policy. Even though the coverage was incomplete and included only specific categories of expense, Dave Widener, director of IT and project management, said he was glad the policy was in place.
“It created structure for us during a time when pandemonium and panic were ruling the day,” he recalled. “It did cover approximately half of our expense outlays for remediation, and the access to world-class cybersecurity resources and tools as part of the coverage also made remediation and network recertification much easier.”
Those resources could include a breach coach, typically an attorney well-versed in privacy laws, which vary across state lines in the U.S.
McGuire explained that as companies outsource the servicing of massive amounts of data that have become too cumbersome to manage internally, they have to know their vendors are protecting that valuable information. State laws dictate that the onus falls on the owner of the actual data, not necessarily the party that allowed the breach to occur.
“Insurance is the backstop when a company is facing financial litigation,” he explained. “It could be when a system failure occurs, not necessarily a cyber attack, that results in lost income and expenses to rebuild destroyed data assets.”