I am sure in the 1960s TV show Lost in Space, Will Robinson never envisioned that the Galaxy would suffer a greater threat from cyber hackers than asteroids. Most businesses today are not insured for the criminal risk of unauthorized access to their network systems. These uninvited guests no longer just cause a minor disruption or annoyance. According to the Ponemon Institute study of 2009, the average cost of a data breach globally is over $3 million. Some of the costs incurred are system damage, recovery costs and lost business due to business disruption, as well as the negative publicity that results. The focus of this article is the necessary costs associated with notification and credit monitoring for those affected. There are insurance products in the marketplace designed to address cyber liability, but until recently there has been minimal interest.
What has been learned in recent years is that theft and fraudulent use of personal information is not always the major cost of a breach in security. If a corporate database is infiltrated by an outsider, there is the potential infection of the personal data that is stored, such as financial and credit card information of customers and social security numbers of employees. When this occurs, there is a need for individual notification to anyone who may be exposed to the breach. Over 40 states have now legislated notification requirements for security breaches, and more stringent federal guidelines are expected in the future.
According to the Ponemon study, the actual cost for individual notification and credit monitoring is in excess of $200. On an individual basis, this may not appear to be that catastrophic. However, consider the need to notify 10,000 customers of possible compromised access to credit/debit cards, coupled with post-breach credit monitoring. We are now talking about costs in excess of $2 million. This is just the “damage control” expense side of the breach and does not begin to address any third-party litigation that may follow.
These remediation costs, along with any regulatory fines or penalties, have been an area where most insurers offer minimal limits of coverage. Today, more insurers realize that these costs are the major focus and need for this insurance. Darwin Insurance and Allied World Insurance now extend this coverage up to full policy limits, which also includes regulatory fines or penalties. It is clear this coverage continues to evolve in line with legislative changes and a better understanding of the exposure to loss.
It would be wise for any business responsible for personal information -- credit information, social security numbers or medical data -- to evaluate the need for this insurance. In the words of the Robot, “Danger, danger Will Robinson!” It is best to be aware of the dangers associated with cyber business risks even if you don’t buy the insurance.