Everyone who uses, stores or controls personal information about others – whether in business, finance, law, medicine, education, or countless other fields -- is now alert to the issue of cybersecurity. Consciousness has been raised by a relentless succession of news stories about breaches of computer network security, about the improper disclosure of private, personal information -- and about the growing number of laws intended to protect against such disclosure.
But while all are aware that data security is a problem, many remain unsure if it is their problem. They believe they have too few records to be at significant financial risk, or that their security measures are especially strong and protect them against the loss or theft of data, or that the probability of an attack or breach is low for their particular businesses, or that they already have adequate financial protection for these exposures through their existing insurance policies. Sometimes this is true, but it is rare – it doesn’t take much to expose a business to liability, especially with the greater sensitivity and regulatory attention to the protection of private information. It doesn’t even require a computer network, as evidenced by the troubles experienced by a national pharmacy chain for discarding patient records in publicly accessible dumpsters.
Numerous studies have made a couple of salient points clear beyond dispute: that companies’ financial liability for breaches of data privacy and security is significant ($204 per breached record and an average aggregate cost of $6.75M per incident) and growing, and that the risk cannot be “managed away” by diligent attention to network security measures. There are too many holes to plug, ranging from lost or stolen laptops or smart phones, to rogue employees, to the practices of service providers or business partners (and their employees), for any business to eliminate its exposure for data or network security breaches.
People in risk management understand that often the threshold challenge is to provide well-intentioned, overstretched executives with the clear and concentrated information they need in order to make informed decisions. In the area of data privacy and network security, while much valuable information is available to those who seek it, there is also enough misinformation, half-truths and irrelevant information out there to cause confusion and paralysis.
We will work to provide information and discuss issues relating to privacy and data security insurance in a way that is informative, timely and useful. Our focus extends to other areas of “cyber liability” as well, but in all cases, we hope that we can be informational and will facilitate practical and informed decision making about risk management and insurance.
For more information about Privacy and Data Security Insurance and a quote for insurance, contact us by clicking here. Or visit
Privacy-Insurance.com/ for more information and resources regarding privacy risks.