Reuters has released two informative articles about the data breach experienced by Equifax that highlights the breadth of regulation that gets involved.
Most companies do not realize that when a data breach occurs, both state and federal regulatory agencies get involved. It’s not just the company’s home state regulatory agencies that come knocking, regulatory agencies from every state that has a citizen involved in the breach get involved. To make matters worse, every state has different laws and requirements that must be adhered to with regards to notice, reporting and remediation – let alone fines and penalties.
The task of addressing and negotiating with each agency is overwhelming – and requires expertise in doing so. Cyber Liability insurance carriers have the personnel and expertise to do this – one of the most valuable aspects of such coverage.
While Equifax has been extremely fortunate in dealing with US regulators, they no doubt have employed vast resources to do so. This is in addition to the cost of notification and remediation efforts – which insurance can help with as well.