Data breaches can happen to anyone – how cyber insurance impacts your response 

Cyber attacks are becoming a major area of concern among businesses in all industries. From healthcare to tourism, hackers are making their mark. However, cyber insurance is a great way to help combat this problem, writes Edwin Concepcion, Country Manager, the Philippines, Straits Interactive.

Data breaches, which we have seen increase in recent years, can happen to any organisation despite its best efforts to avoid them.

In today’s digital age, data privacy has become a top priority for businesses and organisations. Many countries have enacted laws and regulations that require companies to take steps to protect personal information in various ways.

And even if an organisation is in a low-risk sector and handles a minimal amount of personal data, it can be an attractive target for cyber attacks. Cyber insurance can help an organisation to bear the costs of responding appropriately in the event of a data breach.

Furthermore, data privacy is crucial for the long-term success of a business. A data breach can cause significant damage to a company’s reputation and customer trust, which can be difficult or impossible to recover from.

A recent report found that nearly 80% of companies surveyed have had to use their cyber insurance, and more than half of them have made use of such coverage more than once.

This reinforces the idea that, by taking out cyber insurance, a company can take steps to protect its reputation and retain customer trust after a data breach has occurred.


Cyber insurance is a growing necessity for businesses in any sector because of the increasing frequency and severity of cyber attacks.

As technology continues to advance and more business operations move online, particularly in the wake of the Covid-19 pandemic, the risk of a cyber attack becomes greater. These attacks can lead to a loss of sensitive data, financial losses, and reputational damage.

Some notable high-profile data breaches in recent years include:

  • Marriott International: In November 2018, Marriott International announced that the personal information of approximately 500 million guests had been compromised in a data breach that had been ongoing since 2014. The organisation suffered more data breaches in 2020 and 2022.
  • Equifax: In September 2017, credit reporting agency Equifax announced that a data breach had occurred, compromising the personal information of 143 million Americans, including Social Security numbers and birth dates.
  • Yahoo: In 2016, Yahoo announced that a data breach in 2013 had compromised the personal information of 1 billion users, including email addresses and telephone numbers. The organisation also suffered a breach in late 2014.
  • SingHealth: This 2018 breach exposed the personal information of 1.5 million patients, including the Singapore Prime Minister’s personal information. SingHealth was fined SGD250,000 and the public health IT provider IHiS was fined SGD750,000 – combined, this is the largest fine for a data breach to date in Singapore.
  • Cathay Pacific: In October 2018, Cathay Pacific announced a data breach that affected 9.4 million passengers. Hackers accessed personal information, including passport numbers, credit card details, and travel histories.

By providing coverage for costs associated with a cyber attack, such as legal fees, data recovery, and crisis management, cyber insurance can help protect a business from these risks.

Having said that, here in the Philippines, I have observed that cyber insurance has not yet taken off as the market does not seem ready to bear the costs associated with such coverage.

Globally, there are concerns that cyber insurance premiums could grow too costly in the face of greater cyber risks, although an insurance broker has said that providing documentation of proper risk management measures can help bring premiums down.


Data breach costs are calculated by taking into account a variety of factors, including the cost of investigating the breach, notifying affected parties, remediation and mitigating business disruption.

In greater detail, such costs include the hiring of a forensic investigator, as well as the cost of any legal fees associated with the investigation; the cost of sending out notifications to affected individuals, as well as any costs associated with providing credit monitoring services to those individuals.

There is also the cost of fixing any vulnerabilities that led to the breach, as well as the cost of any security upgrades that may be necessary to prevent future breaches; and the cost of any lost revenue or productivity that may result from the breach, as well as any damage to the company’s reputation.

The average cost of a data breach is highly dependent on the specific circumstances of the breach, but it can range from a few thousand dollars to tens of millions of dollars.

It is important to note that the cost of a data breach can be significantly higher for larger organisations, and can also vary depending on the industry and region.


When considering cyber insurance, businesses should consider their specific needs and risks, as well as the coverage offered by different insurance providers.

They should also consider the cost of the insurance, as well as the company’s reputation and track record in handling cyber insurance claims.

First-party cyber insurance covers losses that a business experiences directly, such as data breaches, network failures, and other cyber attacks, while third-party cyber insurance covers losses that a business experiences as a result of a cyber attack on a third party, such as a supplier or customer.

Other forms of insurance include cyber extortion insurance, covering losses that a business experiences as a result of a cyber attack that results in the extortion of money or sensitive information, and business interruption insurance, for losses that a business may experience as a result of a cyber attack.


The outlook for security and safety when it comes to personal data is uncertain.

While companies and organisations invest more in cybersecurity measures to protect against data breaches, hackers are becoming increasingly sophisticated and constantly evolving their tactics and techniques to bypass security measures and gain unauthorised access to sensitive information.

Additionally, with the rise of the internet of things and connected devices, the number of potential entry points for hackers is increasing.


1. Data breaches can be costly

A data breach can result in a significant financial loss for a company, damage its reputation and erode consumer trust. Costs can include those related to incident response, settlements and fines, and any legal fees that may arise. Cyber insurance can help cover these costs. In 2022, the global average total cost of a data breach was calculated to be US$4.35 million.

2. Such breaches can happen to any company

No company is immune to the risk of a data breach. Even companies that have strong security measures in place can still fall victim to a cyber attack. Cyber insurance can protect companies of all sizes, in all industries; while premiums are rising amidst growing demand, they remain affordable for those able to document sound cybersecurity and risk management processes.

3. Cyber insurance can help with incident response

In the event of a data breach, having cyber insurance in place can help a company respond quickly and effectively. Many insurance policies include access to incident response services, such as hiring a forensic investigator or public relations firm to help mitigate the damage. It also covers costs related to notification and credit monitoring services for affected individuals.

4. It can provide liability protection

If a data breach results in the personal information of customers being compromised, a company may be held liable for damages. Cyber insurance can provide liability protection and help a company handle legal claims related to a data breach.

5. It can also help with compliance

Many industries are subject to regulations regarding data privacy, such as HIPAA for healthcare providers and PCI DSS for companies that process credit card transactions. Cyber insurance can help a company comply with these regulations and avoid costly fines.

In conclusion, cyber insurance for data privacy is worth taking out, for companies of all sizes, as it can provide financial protection and access to experts in the event of a data breach or cyber attack. Additionally, it can help ensure compliance with laws and regulations, and protect a company’s reputation and customer trust.

With the increasing frequency of cyber attacks, it is important for businesses and organisations to consider cyber insurance as a necessary part of their overall risk management strategy.

A cyber insurance policy can also include additional services such as risk assessment, incident response planning, and employee training, which can help a company become more proactive in managing cyber risks.

An adequately insured company, especially one that also has documented processes to manage risk, can be better prepared to handle a data breach, minimise the damage, and get back to business as quickly as possible.