Advertisement

Header Utility Menu

  • Subscribe
  • Advertise
  • Contact Us
  • Events

LinkedIn Facebook Twitter Instagram Get Our App

  • Login

Virginia Business

Mobile Menu

  • Issues
  • Industries
    • Banking/Finances
    • Law
    • Real Estate
    • Economic Development
    • Education
    • Energy/Green
    • Federal Contracting
    • Government
    • Healthcare
    • Hotels/Tourism
    • Insurance
    • Ports/Trade
    • Small Business
    • Startups
    • Technology
    • Transportation
  • Regions
    • Central Virginia
    • Eastern Virginia
    • Northern Virginia
    • Roanoke/New River Valley
    • Shenandoah Valley
    • Southern Virginia
    • Southwest Virginia
  • Reports
    • Best Places to Work
    • Business Person of the Year
    • CEO Pay
    • COVID-19
    • Generous Virginians Project
    • Legal Elite
    • Most Influential Virginians
    • Maritime Guide
    • Site Locator
    • The Big Book
    • Virginia CFO Awards
  • Company News
    • For the Record
    • People
  • Opinion
  • Lists
  • Awards/Events
    • Nominate a Virginia financial professional
    • Nominate A Woman in Leadership Today
    • 2022 Virginia Business Political Roundtable
    • Women in Leadership
    • Diversity Leadership Series
    • Virginia 500
    • Legal Elite
    • CFO Awards
    • Big Book of Lists
    • 100 People To Meet
    • Best Places To Work
  • Virginia 500
    • Read The Issue
    • Power Up Virginia 500
    • Buy an award plaque
    • Suggest execs for 2023

Advertisement

Header Primary Menu

  • Issues
    • June 2023
    • May 2023
    • April 2023
    • March 2023
    • February 2023
    • Issues Archive
  • Industries
    • Banking/Finances
    • Law
    • Real Estate
    • Economic Development
    • Education
    • Energy/Green
    • Federal Contracting
    • Government
    • Healthcare
    • Hotels/Tourism
    • Insurance
    • Ports/Trade
    • Small Business
    • Startups
    • Technology
    • Transportation
  • Regions
    • Central Virginia
    • Eastern Virginia
    • Northern Virginia
    • Roanoke/New River Valley
    • Shenandoah Valley
    • Southern Virginia
    • Southwest Virginia
  • Reports
    • Best Places to Work
    • Business Person of the Year
    • CEO Pay
    • COVID-19
    • Generous Virginians Project
    • Legal Elite
    • Most Influential Virginians
    • Maritime Guide
    • Site Locator
    • The Big Book
    • Virginia CFO Awards
  • Company News
    • For the Record
    • People
  • Opinion
  • Lists
  • Awards/Events
    • Nominate a Virginia financial professional
    • Nominate A Woman in Leadership Today
    • 2022 Virginia Business Political Roundtable
    • Women in Leadership
    • Diversity Leadership Series
    • Virginia 500
    • Legal Elite
    • CFO Awards
    • Big Book of Lists
    • 100 People To Meet
    • Best Places To Work
  • Virginia 500
    • Read The Issue
    • Power Up Virginia 500
    • Buy an award plaque
    • Suggest execs for 2023

Home Opinion Preparing for a data breach: The construction industry is no exception

Preparing for a data breach: The construction industry is no exception

Published February 5, 2016 by Collin J. Hite

Data breaches continue to escalate and garner national attention. The most recent news-making incident was the hack of electronic toy maker, VTech. The Risk Insurance Management Society’s Cyber Survey in May 2015 provided important benchmarking information for risk managers continuing to grapple with data security and procurement of cyber insurance. Some of the important takeaways include: that most companies either have standalone cyber insurance at this point, and the rest are seriously considering it now. Companies of all sizes — and across all industries — need to consider cyber insurance as part of their overall program.

The situation is getting so bad that businesses, large and small, finally are realizing that the question is not if they will get breached, but when. The construction industry is not immune from data breaches. 

For example, national retailer Target was breached when hackers accessed the HVAC company’s network that was tied into Target’s computer system. Target has spent well over $100 million responding, and that HVAC vendor is bankrupt.

Those in the construction industry need to remember, the issue is a privacy breach, not just a cyber breach. That means that paper is still a source for an old-fashioned privacy breach. Many industry sectors, including construction, still mistakenly believe that, if they do not deal with the general public as customers or possess a lot of credit card information, they are not at risk. Not true. The Target case is a classic example of how wrong that thinking is today.

How data privacy insurance helps prepare for a breach response

For most companies, the significant costs associated with responding to a data privacy breach cannot be borne internally. Robust data privacy insurance is required to shift the risk for the company. Going through the process of purchasing such insurance is the first step to good coverage and a strong response plan. The premiums and policy limits are relative to a company’s risk, so that ratio allows a business of any size to consider such coverage.

However, insurance underwriters are very cautious and equally thorough in issuing data privacy insurance. Because the new digital order with respect to cyber is not if a company is breached but when, insurers require an extraordinary amount of due diligence in the underwriting process. Those in the construction industry that go through the process will learn a tremendous amount about the current state of their network security and response plan. Information learned in this process can be useful for companies to find the gaps and upgrade their security, protocols and insurance coverage. Policyholders will be required to fill out extensive questionnaires from the insurer and likely allow an onsite visit. All of the information gathered in the process not only informs the insurer as to whether it wants to issue a policy, but can prove invaluable to the company when it comes to developing a strong network defense and response.

Benefits of planning ahead for your response

A comprehensive data incident response is now “a must,” whether the business owns data privacy insurance or not. As noted, the process of placing insurance coverage can provide valuable insight for creating the strongest response plan possible. There are measurable benefits to being well prepared for a data breach. Obviously, a thorough and tested plan will make for a more effective and efficient response. Mistakes made during the first 72 hours of an incident can increase the costs in responding by two to three times. An efficient response can also prevent a loss of sales, income and stock pricing. Customers who are comfortable with a company’s response are less likely to stop doing business with it in the days following the breach and in the long-run. A proper and effective response protects the company’s brand reputation. The bigger the company, the harder they fall when it comes to a botched response to a breach event.

A preplanned response is even more critical for those in construction that are accessing a customer’s computer network or possess sensitive data. Contracts may require the general contractor or subcontractor to handle aspects of the response, work on complying with notification laws and indemnify the client. Plus, it is becoming common for owners to require general contractors and subcontractors to carry cyber insurance. Everyone needs to know what the contract requires.

A true cyber policy is an insured’s best protection

Businesses can obtain cyber insurance for losses. It is critical to understand the full scope of the coverage you buy. Insurance to protect your property and network can include: 1) computer data restoration; 2) re-securing a company’s information network; 3) theft and fraud coverage; 4) business interruption; 5) forensic investigations; 6) crisis and public relations management; and 7) extortion. Commentators note that first-party losses are usually the higher costs to a business suffering a cyber-attack, so adequate coverage in this area is vital.

Organizations also need liability coverage as well. Of course, most coverage in this area will provide for a defense to litigation brought by customers for their direct losses due to a breach. However, insurance may also cover: 1) PCI-DSS liability; 2) credit monitoring for customers; 3) the cost associated with notifying customers of a breach; 4) media and privacy liability; and 5) responses to regulatory investigations. Policyholders can obtain DIC coverage under certain aspects of first- and third-party coverages.

The policy forms among the difference carriers vary tremendously, and policyholders must be vigilant to ensure they purchase the right coverage. Insureds must look well beyond the declarations page and coverage grant when considering this type of insurance, although those are obviously important. The devil is in the details.

Having gone through the exercise of purchasing data privacy insurance coverage, a company can best develop and response plan and is prepared ahead of time. The process will allow your business to prepare in the following ways:

• Develop a strong response team;
• Identify response capabilities and external resources;
• Establish relationships with law enforcement and regulators;
• Create and test your plan prior to an actual event; and
• Anticipate communication, remediation and notification pitfalls.

Time spent upfront from an in-depth analysis when considering such insurance may prevent the type of coverage fight many policyholders are facing in order to get the coverage they paid for from their insurer.  Regardless, the response plan is a must for all companies unless they just prefer to go out of business.

Collin Hite leads the Insurance Recovery Group and the Data Privacy & Security practice at the law firm of Hirschler Fleischer in Richmond. He handles insurance recovery and coverage litigation nationally, and performs insurance policy and program audits for policyholders. Hite may be reached at (804)771-9595 or [email protected].

 

Related Stories

No related posts.

Trending

Great expectations

Small yet mighty

The 50 largest Virginia charities

Va. Beach economic development director to depart

NNS announces senior leadership changes

Sponsored Stories

Are you the biggest target for cyber security bad actors?

Preparing a Domestic Less-Than-Truckload (LTL) bid in Today’s Market

P.A.I.N.T. Your Financial Mountain

Advertisement

Advertisement

Trending

Great expectations

Small yet mighty

The 50 largest Virginia charities

Va. Beach economic development director to depart

NNS announces senior leadership changes

Sponsored Stories

Are you the biggest target for cyber security bad actors?

Preparing a Domestic Less-Than-Truckload (LTL) bid in Today’s Market

P.A.I.N.T. Your Financial Mountain

Get Virginia Business directly on your tablet or in your mailbox!

Subscribe to Virginia Business

Advertisement

Advertisement

Footer Primary Menu

  • virginiabusiness.com
  • Subscribe
  • Advertise
  • About Us
  • Contact Us

Footer Secondary Menu

  • Industries
  • Regions
  • Reports
  • Company News
  • Events

Sign Up For Our Newsletter

Sign Up

LinkedIn Facebook Twitter Instagram Get Our App

Privacy Policy Cookie Policy

Footer Utility Menu

Copyright © 2023 Virginia Business. All rights reserved.

Site Maintained by TechArk