Cyber Liability: Data Breach Response

White Paper

Contrary to popular belief, cyber breaches will have an effect on nearly every business, if they have not already. In fact, Cyber Liability has garnered so much attention in recent years that in 2015, the White House press secretary noted that "cyber security threats and identity theft continue to rise... nine in ten Americans feel that they have in some way lost control of their personal information." The procurement of Cyber Liability insurance is occurring increasingly in efforts to combat the rapidly growing cyber exposures businesses are facing, and mitigate losses that may result when businesses engage in electronic activities, such as Internet sales and/or data collection within its internal networks. The policies cover a variety of expenses associated with data breaches, including notification costs, credit monitoring, defense costs, regulatory fines/penalties, and loss resulting from identity theft.  Although these policies afford coverage in the event of a loss, it is imperative that companies have a strategy in place to help mitigate the loss at the time a breach is discovered. According to a recent study by the Ponemon Institute, the average cost of a single data breach in 2016 was $4 million, an increase of 5.4% over the previous year, and 29% over 2013. According to a Juniper study, the total cost of all data breaches is expected to increase to $2.1 trillion by 2019. The approach to responding to a data breach can be separated into 4 phases - Discovery, Analysis, Formulation, and Response. 


  • Inventory the compromised data and chronologize events leading to breach.
  • Create an image of the original media for analysis, as well as a backup copy.
  • Examine the findings:
    o   Was the breach benign or malicious?
         -   Not all incidents result in stolen records.
    o   Who was affected?
    o   What was the source of the breach?
    o   What data types were involved?
         -   Name, Social Security Number, Credit Card Number(s), Health Insurance Information,
             Financial Aid Information
    o   What was the level of exposure?
    o   Was there 3rd Party Involvement?
    o   Was data accessed or exfiltrated?
  • Document findings in a fashion that would be upheld in a court of law, as regulators will want to see the company performed due diligence and was legally compliant. The company must show that a consistent, defensible method for incident risk assessment was used to serve as a basis for the decisions made.
  • Perform data analysis and forensics under attorney-client privilege.


  • Does this incident legally require notification?
    o   There are state, federal and international laws with specific notification requirements.
    o   The location of the company and the affected parties' residence will determine the legal requirements.
    o   Federal regulations such as the Gramm-Leach-Bliley Act and the Health Insurance Portability
         and Accountability Act also have requirements for notifying affected parties, as well as the media.
    o   If the incident is exempt from the notification requirement, consideration should be made about
         the risks to the affected parties and the company's reputation if it's decided not to notify.


  • Engage outside partners (Insurance Broker, Counsel, Breach Response Service Team).
    o   Insurance broker should be informed to notify the insurer of the breach.
    o   Outside counsel should be included as soon as possible so all communications and documentation
         are protected under attorney-client privilege.
    o   Breach response services should be selected beforehand to be prepared to work with the
         internal incident response team if a breach occurred.


  • If notification is decided or required, it should be tailored to client relationships and demographics.
    o   Have counsel review all notification correspondence to ensure regulatory compliance.
    o   Be considerate of the affected parties when drafting a response, taking into account how you
         would like to be treated had your personal information been stolen.
  • Notify regulatory agencies and the media.
  • Offer identity protection, monitoring and recovery services. Ensure there are sufficient resources
    to establish call-center services and/or crisis public relations.

2016 Data Breach Stats

Per Capita Cost by Industry

Root Cause of Data Breach


Jeremy MartinJeremy Martin - Account Manager 

Jeremy Martin joined Equity Risk Partners in 2011 as an Accountant, then later transitioned to servicing client accounts as a member of the Partners Service Group in 2014. Mr. Martin began to market and manage clients' Property and Casualty insurance as an Associate in 2015. 

Mr. Martin holds a Bachelor of Science in accounting from San Jose State University.

Contact Information:
Phone: (415) 874-7131


Chase DiwikChase Diwik - Assistant Account Manager

Chase Diwik joined Equity Risk Partners in 2015 as an Analyst in the Partners Service Group. after graduating from Clemson University.  Mr. Diwik holds a Bachelor's degree in marketing.

Contact Information:
Phone: (415) 874-7154


originalMichael Marcon - President, HUB International and Founder, Equity Risk Partners

Michael Marcon has more than 30 years of insurance experience, pioneering the delivery of insurance due diligence to private equity firms and specializing in alternative risk financing and transactional insurance products. Before launching Equity Risk Partners, Mr. Marcon was Executive Vice President of Aon Risk Services - Mergers and Acquisitions Group and he was instrumental in creating the Private Equity practice for Aon's predecessor company, Rollins Hudig Hall. He served as Regional Manager - Finance for Transamerica Corporation, as well as positions in Special Risk Financial and Capital Management for CIGNA Corporation. 

Mr. Marcon holds an undergraduate degree in economics from Ursinus College (where he was the former chairman of the board of trustees) and an MBA in finance from Drexel University. Mr. Marcon tweets from @mcm7464 and can also be reached through his blog, Michael Marcon Tweets, where he writes about business, tradition, and life.


Contact Information:
Phone: (415) 874-7101