The Business Impact of Data Breaches & How Cyber Liability Coverage Can Help
In today’s digitally interconnected world, businesses of all sizes are increasingly reliant on technology to improve efficiency, elevate customer experiences, and bolster growth. While employing various digital solutions, businesses collect and store sensitive data, ranging from customers’ personal details to proprietary information.
However, this dependence on technology has also increased organizations’ cyber risks, with cybercriminals continually searching for exploitable vulnerabilities. When organizations experience a data breach, it can lead to significant financial, reputational, and operational consequences. In this article, we explore the impact of data breaches, examine notable real-world incidents, and offer risk mitigation recommendations. We also provide guidance on how you can use cyber liability insurance and data breach insurance to help safeguard your business from these risks.
The widespread impact of data breaches
A data breach occurs when unauthorized individuals access or steal confidential data. It can stem from various causes, including hacking, human error, phishing, malware, outdated systems, supply chain attacks, insider threats, and more. The fallout from data breaches can have far-reaching impacts, both in the short and long term:
- Financial losses – Data breaches are expensive. According to IBM’s 2024 Cost of a Data Breach Report, the global average cost of a data breach increased 10 percent over the previous year, reaching $4.88 million, the biggest jump since the pandemic. These costs include legal fees, regulatory fines, investigation expenses, and customer notification efforts. In many cases, businesses also face class-action lawsuits from affected customers.
- Stolen intellectual property – A data breach can also be used to steal intellectual property and other proprietary data, such as trademarks, patents, blueprints, proprietary algorithms, and trade secrets, potentially also triggering an intellectual property coverage claim.
- Reputational damage – These types of events can erode customer trust, especially if sensitive information such as Social Security numbers, payment details, or medical records is compromised.
- Operational disruption – Many breaches involve ransomware attacks that lock businesses out of their systems until a ransom is paid. This can disrupt day-to-day operations, resulting in lost revenue and productivity.
- Regulatory penalties – Depending on the industry and the jurisdiction, a data breach may lead to hefty fines for non-compliance with data protection laws and regulations such as the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the FTC’s data privacy rules, or the SEC’s disclosure requirements.
Data breaches, making headlines
Year over year, data breaches unfortunately continue to make headlines, demonstrating the impact that they have on businesses in all industries and of all sizes. And while not all data breaches are big enough to garner media attention, their impact on organizations shouldn’t be underestimated.
2024 top ten cyber breaches
- National Public Data Breach
  - Cost: To be determined
  - Impact: 2.9 billion individuals’ records, including Social Security numbers
- UnitedHealth Group Ransomware Attack
  - Cost: $22 million in ransom, not including remediation costs
  - Impact: 100 million individuals’ records
- Snowflake Data Breach, Cyber Supply Chain Attack
  - Cost: Hackers extorted $2.7 million, additional remediation costs unknown
  - Impact: Hundreds of corporate clients, and subsequently, their clients’ records
- AT&T Data Breach
  - Cost: $370 thousand in ransom, total remediation costs unknown
  - Impact: 110 million customers’ records
- Ticketmaster Data Breach
  - Cost: Multiple class action lawsuits seeking at least $5 million in damages, not including regulatory fines or remediation expenses
  - Impact: 560 million breached records
- Santander Data Breach
  - Cost: Exact financial impact unknown, though responsible group offered stolen data for $2 million on dark web
  - Impact: 30 million impacted records
- Change Healthcare Ransomware Attack
  - Cost: $22 million in ransom to hackers, total expenses not known
  - Impact: 100 million breached records
- T-Mobile Data Breach
  - Cost: $31.5 million settlement reached with FTC in 2024
  - Impact: 40 million individuals’ records exposed in 2021 hack
- Bridgeway Center Data Breach
  - Cost: Multi-million dollar settlement reached, allowed affected parties to each claim up to $7,500 in compensation
  - Impact: 65,386 impacted people
- Comcast Data Breach
  - Cost: Not publicly available
  - Impact: 237,700 customer records
How cyber liability insurance and data breach insurance protect businesses
Given all that is at stake, it’s critical for businesses to proactively protect themselves from the fallout of a data breach. Cyber liability insurance and data breach insurance are essential components of a sound cyber risk mitigation strategy. Data breach coverage is typically a component of cyber liability policies, though you’ll want to be sure you know exactly what’s covered, excluded, or sub-limited in your specific cyber liability policy. No two policies are the same, and insurers may change coverage terms from year to year.
Beyond providing financial recourse after a cyber incident, a comprehensive cyber liability policy may also provide access to valuable resources and tools that can improve your company’s cybersecurity resiliency. When you’re in the market for cyber liability insurance, assess your options to ensure they cover:
- Legal and regulatory costs – Cyber liability insurance may help cover legal fees, regulatory fines, settlements, and costs associated with responding to lawsuits.
- Incident response and recovery support – Many cyber liability insurance policies include access to incident response teams. These experts assist with identifying the cause of the breach, mitigating its spread, and restoring systems. This support can significantly reduce downtime and financial losses.
- Data breach notification costs – Notifying affected customers and stakeholders is often required by law and can be expensive. Data breach insurance can cover the costs of communication, including setting up call centers to handle customer inquiries.
- Business interruption coverage – If a data breach disrupts operations, businesses may face significant revenue losses. Cyber liability insurance can compensate for these losses, helping companies stay afloat during recovery.
- Ransomware payments – While paying a ransom is generally discouraged, some businesses see it as the only viable option to resume operations. Cyber liability insurance may cover ransom payments, as well as the costs of negotiating with cybercriminals.
Steps to strengthen cyber resilience
Though insurance is an incredibly valuable resource, the best data breach is one that doesn’t happen. Prevention, detection, and resiliency are a business’s best defense against bad actors. Additionally, most cyber insurers require companies to adopt specific practices in order to provide coverage.
We recommend:
- Administering employee awareness trainings and phishing simulations
- Implementing Multi-Factor Authentication (MFA) for all users
- Employing a password manager across your user base
- Adopting a principle of least privilege policy
- Implementing third-party risk management controls and protocols for vendors
- Making sure all employees use a Virtual Private Network (VPN)
- Deploying best practices for securing Remote Desktop Protocol (RDP)
- Leveraging the air gap technique and encrypting all backups
- Removing end-of-life (EOL) and end-of-service life (EOSL) devices and software
- Using an endpoint detection and response (EDR) solution to monitor and stop suspicious activity
- Practicing common vulnerabilities and exposures (CVE) threat hunting
- Enabling and analyzing logs for your devices and digital landscape
- Establishing a security operations center (SOC) and 24/7 network monitoring
- Building an effective patch management program
- Having an incident response plan and continually testing it
Trusted experts, in your corner
By investing in robust cybersecurity measures and securing cyber liability insurance and data breach insurance, your business can be in an optimal position to protect itself from the fallout of cyber events. Navigating the dynamic cyber risk landscape and cyber insurance can be complicated, which is why The Baldwin Group’s Cyber Center of Excellence is here to guide you toward solutions that help safeguard your business longevity.
Start the conversation today with our experts to fortify your cyber defenses.