255 W. Uwchlan Avenue
Downingtown, PA 19335


What Penalties Will a Data Breach Bring to your Company?

Data breaches are a large and growing problem for businesses of all sizes: The Data Loss Database - an online resource devoted to documenting reported and unreported lapses in data security - reports that the number of data breach incidents has grown steadily every year for the past four years, and has nearly doubled between 2009 and 2012. As of this writing, the number of known data breach incidents stands at 1,333.

To put the problem in perspective, the same organization reports that there were only 44 such cases in 2004.

Although the number of cases appears small, each case can affect a very large number of people. Nationwide Insurance recently reported a breach that potentially leaked the Social Security numbers, driver’s license numbers and dates of birth of 1.1 million people who asked for an online auto insurance quote. (Nationwide has been proactive, contacting those at potential risk and offering them free credit monitoring and identity theft protection insurance for a year.)

Severe Penalties

The law is clear: Businesses are responsible for safeguarding personally identifiable information entrusted to their care. This is true whether all your data is on your own employees, or whether you are a health care or insurance company with potentially sensitive information on thousands of people.

Many businesses would potentially be bankrupted in the event of a catastrophic breach of their entire database, or a big enough fraction of it. But standard business insurance does not typically provide any protection for losses incurred thanks to data breaches.

The potential losses are large. Lost income and man-hours spent notifying individuals potentially affected by a breach cost health care providers an average of $204 per incident, according to the Ponemon Institute.

The HITECH Act sets federal penalties on health care companies that leak data on 500 patients or more as high as $1.5 million per incident. For all other industries, the Health Insurance Portability and Accountability Act imposes stiff civil and even criminal penalties for those responsible for data breaches.

"My employees are good. They won’t steal data"

You are probably right. But inside employees are not the biggest threat. Only about 10 percent of data compromises are attributable to an inside job by employees intentionally looking to steal sensitive data.

Rather, the single largest source of data leaks was hacking by outside attackers, responsible for 25 percent of all known data breaches over time. Another 13 percent was attributable to data stored on stolen laptop computers. Poor document shredding and disposal practices were responsible for 7 percent of incidents. Mail accounted for 4 percent, and email accounted for 3 percent.

Accidental breaches caused by inside employees accounted for 21 percent of incidents. However, 57 percent of breaches were caused by agents outside of the company or agency.

Insurance Coverage

That’s where data breach insurance coverage comes in. This kind of insurance, sometimes known as "cyber insurance," is fairly recent. It is a stand-alone policy that focuses solely on data breaches, as opposed to data loss by other hazards, such as fire and flood.

Policies vary, but a broadly written policy may provide coverage for the following:

  • The cost of notifying those affected
  • Lost income due to reputation damage
  • The cost of providing credit monitoring services to those affected
  • The cost of a rehabilitative public relations effort
  • The cost of legal defense

Coverage for fines can be added as a rider, but is not normally included in base policies at this point.

Scott Godes, an attorney with the Dickstein & Shapiro Law Firm, has written more extensively about the questions business owners can ask data breach insurance agents here.

For example,

  • Will the policy cover liability for damages to the credit card industry?
  • Does the policy cover data stored offsite? Offshore? In "the cloud?"
  • Does the policy cover regulatory action? If so, at what point? How formal does the action have to be?
  • Does the policy pay for data restoration costs?

Godes also advises small business owners and risk managers not to assume their crime insurance policies will cover data breaches.

Who Is Most At Risk?

While hospitals and insurance companies typically have a large number of personnel files, the most dangerous risk exposure seems to be in the small business market, say experts. This is because larger enterprises can afford to invest in state-of-the-art network security resources, top-of-the-line HIPAA certification and training for key persons, and a full-time network security and compliance staff member. Small businesses, on the other hand, face the same potential penalties, but without the in-house resources to mount a top-flight prevention effort. This is the market where data breach insurance is the most vital.
