Cyber Liability Insurance: Privacy Breach Checklist

26 June 2018 Resources

When a privacy breach occurs, organizations must act promptly. Because leaked information can fall into the wrong hands so quickly, sealing and dealing with a breach must happen fast. In terms of preventative steps, discuss your current plan with your insurance broker and create a company policy that fits your business and cyber safety needs. When responding to an incident, consider the following checklist that organizations must follow, designed to speed up the cleanup.

  1. Preventative Measures

When a security leak occurs, things can seem to be moving at breakneck speed. This is why it’s a good idea to take preventative steps now, while you can accurately and calmly assess your system’s weak points and risk plan. Talk to an IT specialist about making your security system airtight. Your insurance broker is your first point of contact for everything risk and safety related; don’t hesitate to make use of them. Ask about cyber liability and what you can do now to prevent future attacks. McLean Hallmark’s unique approach to insurance provides clients with peace of mind, because we work hard to make sure all our clients are fully informed and protected from everything the world can throw their way.

What is a data breach and what insurance do I need?

A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an unauthorized individual. Other occurrences may be less obvious, so you should discuss a more detailed breakdown of your needs with your insurance broker. It is a common mistake to believe that coverage already exists. This is a new form of crime which needs to be addressed with new coverage and a fresh approach.


  2. In the event of a breach, begin with containment

If a breach occurs, the first step is to contain the problem. Immediately do the following:

  • Stop the unauthorized action or practice
  • Recover any records / shut down any system that has been compromised
  • Revoke access and/or change access codes
  • Examine and correct any faults to electronic security

  3. Assess the extent of the damage

Once you’re sure the attack has been contained, you will want to assess the damage. Depending on how sensitive the compromised data is, you might need to inform your clients going forward. If a piece of leaked information can possibly lead to harm or precipitate a subsequent criminal act, you must warn those affected. Now is a good time to examine the type of personal information for which you are responsible. The more sensitive the information, the more risk is involved.

  4. Determine the cause and foreseeable harm

If you can identify the cause of the breach, you may be able to prevent a recurrence or stop an ongoing attack. Determine whether this event is an isolated incident or a systemic problem that requires deeper analysis of your database. Determining long-term foreseeable harm may be tricky; examples can range from:

  • Security risk and physical safety concerns
  • Financial loss / physical theft of property
  • Loss of future business
  • Harm to the reputation of both your organization and your database

  5. Notify your insurance broker and authorities

Notifying affected individuals can be seen as a mitigation strategy, but it also allows those affected to properly protect themselves. However, not every circumstance requires notification. Talk to a broker to consider what the best course of action is.

After the affected individuals are notified, you may need to contact other authorities. If the breach constitutes a theft or shows evidence of another type of criminal activity, you are compelled to notify the police, privacy commissioners or credit card companies. This is why it’s advised that you document the event as best you can. This can be in the form of personal accounts as well as screenshots taken from your computer system. This is useful if you are required to provide evidence of the attack.