A data breach put simply, is when personal information is accessed changed or used by someone who does not have permission to do so. There will be a personal data breach whenever any personal data is lost, destroyed, corrupted or disclosed. If someone accesses the data or passes it on without proper authorisation; or if the information is made unavailable, for example, when it has been encrypted by ransomware or accidentally lost or destroyed.
Recital 87 of the GDPR makes clear that when a security incident takes place, you should quickly establish whether a personal data breach has occurred and, if so, promptly take steps to address it, including telling the ICO if required.
Be it a malware attack to something as mundane as an employee making a genuine mistake like putting the wrong email address on an email. If you handle any sort of personal information the risks of a data breach are real. Data protection insurance protects businesses against the associated costs, whilst providing the resources and expertise to mitigate the damage and help get your business back on track.