Long before business owners want to retire, perpetuation planning must begin.  The absence of a plan can be devastating to a business. 

A common topic of conversation across many industries, it is not uncommon for some contracts to even require some sort of a perpetuation plan in place so those businesses contingent on yours know there is a plan for your operations to continue.  The next generation taking over the family business, internal perpetuation amongst business partners, perpetuation through plans to sell; regardless of what your plans may be, it is important to protect against the unforeseen in your planning process. 

Ask yourself:  does your perpetuation plan include filing bankruptcy in response to a data breach you failed to plan for? 

American Medical Collection Agency’s Probably Didn't Either

Winston Churchill is credited with saying: “He (or she) who fails to plan is planning to fail”.  Whether it is a perpetuation plan, a Cyber Incident Response Plan, or simply preparing a grocery list to plan for your shopping trip, having the proper plans in place can set you on the path to success.  Cyber Liability policies provide businesses with an action plan.  Step 1:  Call the insurance carrier. 

American Medical Collection Agency (AMCA) is a third-party independent debt collection agency helping businesses to collect on delinquent accounts and helping to prevent bad debt from occurring in the future.  They have been in business over 42 years and are now filing for bankruptcy just weeks after disclosing a data breach that affected their largest clients and millions of patients.

Not only was AMCA impacted by the breach and costs associated with the breach itself, they also suffered a “severe drop-off in their business” following the incident.  Many of the companies they worked with terminated their contracts in light of the data breach the business suffered.  Ask yourself, what would your business look like after its largest clients abruptly left? 

What Costs Did AMCA Incur In Such An Event?

• Forensics Costs – IT Professionals and Consultants to identify the source of the breach, diagnose its cause, and implement appropriate solutions. It is stated “to date these expenses alone cost AMCA approximately $400,000”.
• Regulatory Obligations – Following a breach, a company has a number of legal requirement and regulatory obligations to provide to those impacted. These requirements can vary by state and can be very costly to coordinate. It is stated “the company had to spend in excess of $3.8 million dollars to mail well over 7 million individual notices”. 
• Reputational Damages – it is difficult to quantify how devastating this can be for a business. But losing the largest clients as a result of an incident can be incredibly impactful on an organization’s bottom line.
• Resulting Class Action Lawsuits – since the revelation of the data breach it is stated that more than a dozen class action lawsuits have been brought forward against the company or their clients.

The Importance of Cyber Liability Coverage

The fact that the impact of a cyber related incident can force a business into bankruptcy should be eye-opening for business owners across all industries.  Bank Info Security’s article on the matter shares lessons that can be taken away from this incident, “the events themselves are very scary, and the resulting costs are real, and should be planned for, including with regard to cyber incident insurance”.  It is unknown whether AMCA had a cyber insurance policy or not, however, this situation demonstrates the importance of having coverage in place with high enough limits to adequately cover the exposures from your operations. 

While not all Cyber Liability policies are the same, one of our experts can help you analyze the needs of your business and match coverages and limits appropriately. 

Key coverage takeaways from AMCA breach include:

• Response Costs, Notification Expenses and Credit Monitoring Expenses, which as demonstrated by AMCA’s expenses, can become very costly quickly.
• Coverage for third party claims alleging liability resulting from a security or privacy breach.
• Coverage for defense costs and regulatory fines or penalties incurred in a regulatory investigation.
• Coverage for reputational damages post data breach.

It is important to be having these conversations with your trusted insurance professional prior to an incident.  At WalkerHughes, we are here to partner with you to protect your plans.