By Patricia-Anne Tom
April 27, 2009
http://www.insurancejournal.com/news/national/2009/04/27/99922.htm
Excerpts from the news article
Data security represents both a new market opportunity to sell insurance coverage and a new risk, especially for independent insurance agencies that may not be compliant with data security laws or have plans in place to protect their own companies from data breaches.
While data security is an evolving issue, failing to protect data can have a huge financial impact on a company. The average total per-incident cost of a data security breach was $6.65 million, compared to an average per-incident cost of $6.3 million in 2007, according to the "U.S. Cost of Data Breach Study" conducted by data protection company PGP Corp. and information management research firm The Ponemon Institute.
The PGP/Ponemon study indicated that data breach incidents cost U.S. companies $202 per compromised customer record in 2008, meaning that companies incur additional costs with an abnormal churn in lost customers. More than 84 percent of data breach cases in 2008 involved organizations that had more than one data breach. And, more than 88 percent of all cases in the study involved insider negligence.
The cost of lost business continued to be the most costly effect of a breach, averaging $4.59 million or $139 per record compromised. Lost business now accounts for 69 percent of data breach costs, up from 65 percent in 2007, compared to 54 percent in the 2006 study.
"After four years of conducting this study, one thing remains constant: U.S. businesses continue to pay dearly for having a data breach," said Dr. Larry Ponemon, chairman and founder of The Ponemon Institute. "As costs only continue to rise, companies must remain on guard or face losing valuable customers in this unpredictable economy."
Nevertheless, it's important for business owners to get up to speed about how to handle a breach. "If a breach occurs, the ability to respond must be timely," said Shena Crowe, Infragard Coordinator for the Federal Bureau of Investigation. "Companies only have about 30 days or less."
Of course, that means agents and brokers must educate themselves. "Our major challenge as an industry right now is educating agents and brokers as to what kind of questions they need to ask their insureds, to get their arms around what kind of information their clients have," Katona said.
Among questions to consider are:
* Does the client transact business over the Internet?
* Does the client move information to another party over the Internet?
* What are the underpinnings of the client's technology?
* Does the data environment have a firewall?
* What processes and procedures are in place for things like encryption?
* What processes and procedures are in place for people accessing company computers?
"Spend time to manuscript coverage to match the client's exposure," Cisco Systems' Lamb said.
Above all, agents and brokers should take steps to ensure they're covered themselves.
"Insurance agents and brokers, obviously, capture a lot of information to write coverage for their insureds," Katona said. The Gramm-Leach-Bliley Act requires companies to have certain security measures in place. For smaller agencies, absorbing the costs of securing doors or having password protection and certain security measures in place can be difficult. But "98 percent of the agents we deal with are not Gramm-Leach compliant," Katona said. "As a group of insurance agents and brokers, we have a responsibility to protect that data."