I launched a “Monthly Maintenance Club” using a recurring billing app. Hackers breached the app’s database (or my computer) and stole the credit card info of 50 clients. They are seeing fraudulent charges. I am legally required to notify them and pay for credit monitoring.
Key Takeaways
- Data Breach Exclusion: Standard General Liability policies exclude data breaches and cyberattacks. You have zero coverage for this crisis without a specific rider.
- Notification Laws: You are legally required (by state law and GDPR/CCPA) to notify every affected customer. This costs money (letters, call centers).
- PCI Compliance: If you were storing credit card numbers in an Excel file (non-compliant), you might be fined by Visa/Mastercard, and insurance might deny the claim for negligence.
- Cyber Liability Insurance: You need a Cyber Liability policy. It covers notification costs, legal defense, and credit monitoring for victims.
The “Why” (The Trap): “Electronic Data”
GL protects physical property.
Data is not physical.
Therefore, the theft of data is not “Property Damage.”
You need a policy designed for Digital Assets.
As you move to subscription models, you become a data custodian.
The Investigation: “I Called Them”
I asked about a small business data breach.
1. Standard GL
- Verdict: Denied.
2. Cyber Liability Rider (The Hartford)
- Cost: ~$500/year.
- Coverage: $50,000 for notification and defense.
- Value: Essential for subscription businesses.
3. Third-Party Processor (Stripe/Square)
- Analysis: If you use Stripe, they hold the data. If they get hacked, it’s their problem. If you get hacked (someone logs into your Stripe dashboard because you had no 2FA), it’s your problem.
Comparison Table: Data Breach Costs
| Expense | Without Cyber Insurance | With Cyber Insurance |
| --- | --- | --- |
| Notification Letters | $5 per person | Covered |
| Credit Monitoring | $200 per person | Covered |
| Fines/Penalties | You Pay | Covered (Usually) |
| Legal Defense | You Pay | Covered |
Step-by-Step Action Plan
- Use a Processor: Never store credit card numbers on your computer or in a notebook. Use Square, Stripe, or Urable. Let them handle the security.
- Enable 2FA: Turn on Two-Factor Authentication for your billing admin panel. This stops 99% of hacks.
- Buy a Cyber Rider: Add “Cyber Liability” to your BOP (Business Owner’s Policy). It’s cheap insurance against a digital nightmare.
- Notify Quickly: If breached, call your insurer immediately. They have “Breach Coaches” to guide you on the legal timeline.
FAQ
Q: I only have 20 subscribers. Do I need this?
A: Yes. One lawsuit from a wealthy client whose identity was stolen can ruin you.
Q: Does “Crime Insurance” cover this?
A: Crime covers your money being stolen. Cyber covers your liability for losing their data.
[IMAGE: Graphic showing “Hacker” -> “Your Database” -> “Cyber Insurance Shield”.]