I attended a class on cyber liability insurance earlier this week. It was hosted by one of my commercial insurance companies in their Richardson office. It covered a brief history of this insurance, outlined what’s covered, requirements, potential liability issues and impact, as well as data breach trends.
We are all aware of how fast technology changes. The iPhone was first introduced on January 9, 2007. The flat screen TV, tablet, laptop, or smart “watch” you buy now will be replaced with something newer next year. Data breach trends are evolving at almost the same rate of speed. For this post, I want to focus on three of these trends.
Business Size: One of the common misconceptions regarding cyber liability insurance is that only big businesses need this coverage. It’s easy to understand why many business owners think that. Most of the data breaches that reported by the news in the last 7 months have been with large companies such as Target, Neiman-Marcus, Michaels Stores, PF Chang’s, eBay, Under Armor, etc. Large companies are still targets, but small businesses with less than 100 employees are increasingly becoming targets of data breaches.
In 2012, 31% of all data breaches reported occurred at small businesses because they are easier to get into and there’s the potential for excellent data that can be sold to criminals. Even in the case of Target, their data breach occurred through a “side door” when one of the companies they contract with was breached. A quick scan of Privacy Rights Clearinghouse chronology of data breaches for 2014 shows 10 companies in Texas who’ve had a breach including; Heartland Automotive / Jiffy Lube (Irving), Houstonian Hotel, Club, & Spa, AutoNation Toyota (Austin), and Placemark Investments (Addison).
The issue is not the size of the company. The issue is the type of data your company handles. Even small businesses such as CPA’s, law firms, medical practices, financial planners, schools, churches, and more deal with sensitive information on their members, clients, patients, and students. This data encompasses names, birth cloud dates, social security numbers, payment information, addresses, medical records, employment records, tax data, and more. Any small business with this kind of information needs cyber liability insurance.
Migration to the Cloud: I don’t “own” any software; it’s all leased from a variety of companies that provide agency management software, quoting software, email and even telecommunication services. I log into secure servers at each of the insurance companies and brokers I work with. I back up my systems to another cloud. Data is in several different places.
The question many businesses are asking is, does migrating servers and data to the cloud increase or decrease exposure to a data breach? Most experts say that it’s a more secure environment due to higher levels of data encryption through the net, but even experts in data security are wondering what the real level of vulnerability is.
Health & Medical Data: There were two organizations that stood out to me on the list of Texas organizations on Privacy Rights Clearinghouse list; Baylor Regional Medical Center in Plano and Seton Northwest Hospital in Austin. Healthcare and medical information is being breached at a rapidly growing rate.
Experian Data Breach Resolution estimates that between 45% and 50% of all the incidents they service are from the healthcare sector. While data thieves are still looking for credit card and debit card information, many are turning their attention to medical and healthcare data.
Data breaches are and will continue to be an issue for both large and small companies. A way to mitigate against this risk is with cyber liability insurance which pays for the response, credit monitoring, etc. when a breach occurs (see http://188.8.131.52/~wiseinsu/data-breach-response-plan/). What do you think? Share your comments, experiences, and questions with me in the comments section of our blog or on our Google + and Facebook pages. I’d love to hear from you!