Anatomy of a Privacy Breach

Anatomy of a Privacy Breach

Picture this.
You’ve taken a rare holiday to visit relatives abroad. While you’re sipping your first cocktail of the evening your phone chimes. It’s the office back home. Your database administrator needs to notify you of a problem at your network services provider. The cause is not yet clear but the contingency plans worked well and the network is back up and running. Everything seems to be okay. You go back to your drink.

The next day you get an update. It’s now thought a hacker was involved and there’s a chance customer records were compromised. Somehow, the local TV news has the story and they’ve called your office asking for a comment. Your holiday comes to a premature end. Your IT team needs specialist help assessing exactly how the hacker got in and what data was stolen. Your operations director needs you to urgently approve a £15,000 retainer for a computer forensics specialist to help investigate the breach. He tells you that you have to do this if you’re to have any hope of maintaining PCI DSS compliance.

By mid afternoon the following day the story has broken on the news services and your receptionist is overwhelmed with calls from anxious customers and the media. A lawyer who claims to represent “concerned parties” has also been in touch. You need to ramp up your PR and hire additional resources - fast.

By the end of the week the network forensics are still ongoing but you don’t yet know the full extent of the breach. It looks like payment records may be involved. It’ll take at least another ten days and another £10,000 to ascertain the full details – money that your CFO says isn’t in your budget. Your counsel also urgently needs to know exactly what data were compromised in order to comply with breach notification legislation.

The regulator has launched a formal investigation. You and several colleagues must attend hearings. A payment card issuer’s fraud department has written to warn you that if your merchant’s database was compromised, you may be contractually liable for losses.

By the time the dust settles:

  • You’ve had to settle a costly class-action lawsuit brought on behalf of breach victims.
  • In addition to the cost of having employees’ time taken up with the investigation - you’ve been hit with a hefty fine by regulators.
  • You have to pay upfront for a 12-month credit monitoring service for all those people who were affected by the breach.
  • The payment card issuer has increased the fee-per-transaction you have to pay.
  • You must commission specialist data security reports to demonstrate continued PCI-DSS compliance.
  • The unexpected legal costs, damages, computer forensics, PR and crisis management expenses are crippling – they hit profitability, causing a dip in your share price and forcing you to defend another legal action – this time brought by disgruntled shareholders.
  • The reputational damage you’ve suffered is unquantifiable.
Cyber Risks Space Invaders 2

“I like that you can put together a small package suitable for us as a startup and that this can easily be adapted as our needs develop without breaking the bank on the way”

Mark K, CEO, Tech Start-Up

 

Ready to work with us?

You can call us to talk more about your business on +1 646 665 7737

What's Covered?

Monthly Payments
Cancel Anytime
Benchmark Us
Quote within 24 hrs

About La Playa Science & Technology

Specialist & Independent

Specialist & Independent

La Playa's specialist Science & Tech team can help you protect your business with smart, flexible, high-performance insurance - with a friendly human UI. We understand the risks and pressures you face - and we speak your language.  We’ll support you with great advice - helping you make good decisions for your business. 

Advice You Can Trust

…from an expert who understands you

Tech-based business is 24/7, global and borderless, always exposing you to new risks and liabilities - often in unfamiliar places. As the law struggles to keep pace with technology, insurance can provide a real safety net if you fall foul of changing legislation.

  • Specialist insurance for science and technology
  • Independent professional advice
  • Relationship-based service: right beside you when you make a claim
  • “Can do” culture
  • Seamless insurance across US and UK
     
Photo from Science & Technology
Photo of Elaine Lamb

Elaine Lamb

DIRECTOR, LA PLAYA INTERNATIONAL

Direct Dial: 646 583 1574

Email: elaine.lamb@laplayainsurance.com

Twitter: @elamblaplaya

+1 646 665 7737
+44 (0) 20 3865 0149
+44 (0) 1223 200650