Escalation and Remediation Points of a Cyber Breach

August 08, 2019

Is it possible to avoid a negative cyber experience? With the right forensics, public relations, and insurance partners to weather the storm, the answer is “yes.” Before any company can effectively recover from a cyber event, there are common (and often unavoidable) pitfalls that may transpire, which can result in increased costs and notoriety. See the following escalation points and remediation points on how to best prepare and respond in the event of a cyber breach.


Similar cyber events can have different outcomes depending on several factors. When quantifying losses, consider these escalation points in the worst-case scenarios to understand their effects.

Number of Days of Business Interruption  

Many organizations can withstand some disruption to operations using manual workarounds such as keeping inventory on-hand, shifting production, or working overtime. With longer disruptions, an organization may face greater financial impact (e.g. consequential revenue loss clauses with distributors, loss of market share, or reputational damage). If a company is in a regulated business where it cannot continue operations until a regulator approves the restart, an even greater impact can be expected.

Single Points of Failure 

Anytime a process has a single point of failure (e.g. a single part incorporated in all products or a single network), there is potential for significant disruptions to operations. In some cases, single points of failure take weeks or months to repair or replace. In other cases, single points of failure cannot be replaced, so the whole manufacturing or business process has to be changed.

Number of Damaged/Destroyed End Points 

Cyber events that damage computing equipment can be devastating. It is often difficult to procure enough equipment to restore operations. When a certain number of computers are “bricked,” additional logistics costs come into play and downtime is extended.

Number of Data Records 

In a traditional data leak/breach event, the number of records lost will cause the total cost of an event to increase. Each record may require notifications and credit monitoring. At a certain level, the number of records is enough to get plaintiffs’ lawyers interested. The costs of defending an event can grow significantly when this threshold is reached.


No one plans to be the next breached company featured on the nightly news. It can be challenging to predict the true impact of a cyber event, yet some companies with large cyber events manage to stay under the radar. How do you get to be one of those?  See the following on how best to prepare for and remediate when bouncing back from a cyber event.

Network Segmentation 

Effects of a data breach can be felt more widely across flat networks. Segmentation of systems can limit the amount of data that may be compromised. Income loss and related expenses can be limited to a small part of the system.

Unanticipated Press Disclosure 

Surprise release of information on a breach or loss prior to a planned press release can create a reaction where the breach is not able to be managed in a way that allows costs to be minimized.

Loss of R&D

Loss of a product idea, data supporting its functionality, trade secrets, and other valuable corporate intellectual property can negatively impact a company and result in loss of income and competitive advantage. Loss of such information due to a security breach can have compounding effects.

Length of Time to Discovery

Breaches that are discovered months or years after the initial intrusion are likely to cost more due to the appearance of negligence. Regulators may assume that there has been intentional withholding of information regarding a breach and will be more intrusive in their investigations.

PR Mismanagement

Situations where clients have had to repeatedly revise their breach story in the press are likely to incur greater costs due to perceptions of response mismanagement resulting in deeper regulatory investigations and more attention from the plaintiffs’ bar.

Companies that are assessing their cyber exposures should take these elements into account when quantifying their potential losses. Each can have a large impact on costs, but if they are recognized in advance, the likelihood of being a company whose cyber breach is a non-event might become considerably more likely. Moreover, it is important to work closely with your experienced cyber broker to ensure you have the right cyber coverages and policy limits to respond to the quantified risk of such an event.

Download Escalation and Remediation Points of a Cyber Breach here.

Keegan, Chris Chris Keegan, Cyber & Technology National Practice Leader, places network, privacy, technology, and media E&O insurance for companies in a variety of industries. He works closely in the development of new insurance products designed to transfer electronic risk. Chris can be reached via email at

This article is intended for informational purposes only. It is not a guarantee of coverage and should not be used as a substitute for an individualized assessment of one’s need for insurance or alternative risk services, nor should it be relied upon as legal advice, which should only be rendered by a competent attorney familiar with the facts and circumstances of a particular matter. Copyright Beecher Carlson Insurance Services, LLC. All Rights Reserved.