• Back to quick summary
  • Insuring Your Business Against a Security Breach
    Game Plan

    How to Respond to a Data Breach

    Since data breaches are becoming more common, how you respond to one can go a long way in maintaining your business reputation and keeping you from losing the trust of your customers.

    As with any crisis, a quick and decisive response is critical. But here’s the problem: most breaches go undetected for a long time. A 2016 report by FireEye found it took companies in the world an average of 146 days to detect a data breach. A separate report found 81 percent of data breaches aren’t detected until news reports, law enforcement notifications, or external fraud monitoring. The longer a breach goes undetected, the more harm it can do to your business.

    If you are unfortunate enough to experience a data breach, here are some suggestions on how to respond:

    • Stay calm and take the time to investigate thoroughly. You might be tempted to quickly patch a hole so you can get your business back up and running, but this could leave you vulnerable to another breach.
    • Get a response plan in place before you turn the business switch back on.
    • Notify your customers and follow your state’s reporting laws. Not following through on this could subject you to penalties and further legal troubles.
    • Call in your security and forensic experts to identify and fix the problem.

    Need Business Insurance?

    For more than 200 years businesses have trusted The Hartford. We can help you get the right coverage with an online quote.
    Game PlanGame Plan

    Game Plan

    • Consider buying data breach insurance. Your policy should cover costs for:
      • Responding to a data breach, including forensic investigations.
      • Notifying affected customers.
      • Developing crisis management plans, along with PR and advertising campaigns to repair your image.
      • Legal defense and liability requirements, such as civic awards, settlements and judgments.
    • Develop a data breach response plan before you have a problem and test it periodically with some “what-if?” scenarios.
    • Read more about what each state requires for security breach notification