http://www.networkworld.com/columnists/2010/081210-andreas.html 

Security: Risk and Reward  
By Andreas M. Antonopoulos
Network World
August 12, 2010 

If your business manages personal information about health or finances, 
a security breach can cost millions. HITECH and other regulations not 
only apply fines, but they require disclosure and notification of those 
affected. In some cases, companies must pay for free credit reports too. 
These costs can range from $80 to $200 per compromised record. The 
problem for many companies is the sheer volume of information that can 
be compromised in a single breach. If you lose 5,000, 50,000 or 500,000 
records, the math may mean bankruptcy. Fortunately, you can now get 
insurance to cover these risks.

Network security or privacy loss insurance has been around for just over 
a decade. Initially it was only offered by a handful of specialist 
insurers, like Lloyds of London. Nowadays, there are more than 15 
companies offering coverage for security breaches, as well as brokers 
who can help you find the right coverage.

Insurance against security breaches covers two main areas. First-party 
coverage protects you against the direct costs suffered by your 
business, including potential fines, productivity loss, financial damage 
and even PR expenses. Third-party coverage protects you against costs 
incurred for damage to third parties, such as virus damage or identity 
theft remediation.

Healthcare and insurance companies are buying these policies to cover 
the residual risk of a breach that reveals HIPAA protected information. 
With the large numbers of patients or insured customers, the potential 
cost of a breach can be very high. But it's not just healthcare 
organizations that have personally identifiable information (PII). Large 
companies have a ticking bomb in their HR databases, with Social 
Security numbers, credit details and other PII.

[...]


--
Visit InfoSec News!
http://www.infosecnews.org/