Security: Risk and Reward
By Andreas M. Antonopoulos
August 12, 2010
If your business manages personal information about health or finances,
a security breach can cost millions. HITECH and other regulations not
only apply fines, but they require disclosure and notification of those
affected. In some cases, companies must pay for free credit reports too.
These costs can range from $80 to $200 per compromised record. The
problem for many companies is the sheer volume of information that can
be compromised in a single breach. If you lose 5,000, 50,000 or 500,000
records, the math may mean bankruptcy. Fortunately, you can now get
insurance to cover these risks.
Network security or privacy loss insurance has been around for just over
a decade. Initially it was only offered by a handful of specialist
insurers, like Lloyds of London. Nowadays, there are more than 15
companies offering coverage for security breaches, as well as brokers
who can help you find the right coverage.
Insurance against security breaches covers two main areas. First-party
coverage protects you against the direct costs suffered by your
business, including potential fines, productivity loss, financial damage
and even PR expenses. Third-party coverage protects you against costs
incurred for damage to third parties, such as virus damage or identity
Healthcare and insurance companies are buying these policies to cover
the residual risk of a breach that reveals HIPAA protected information.
With the large numbers of patients or insured customers, the potential
cost of a breach can be very high. But it's not just healthcare
organizations that have personally identifiable information (PII). Large
companies have a ticking bomb in their HR databases, with Social
Security numbers, credit details and other PII.
Visit InfoSec News!