BreachExchange mailing list archives

fringe: Do you need network security and privacy loss insurance?


From: security curmudgeon <jericho () attrition org>
Date: Mon, 16 Aug 2010 03:10:08 -0500 (CDT)



---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.networkworld.com/columnists/2010/081210-andreas.html

Security: Risk and Reward
By Andreas M. Antonopoulos
Network World
August 12, 2010

If your business manages personal information about health or finances, a 
security breach can cost millions. HITECH and other regulations not only 
apply fines, but they require disclosure and notification of those 
affected. In some cases, companies must pay for free credit reports too. 
These costs can range from $80 to $200 per compromised record. The problem 
for many companies is the sheer volume of information that can be 
compromised in a single breach. If you lose 5,000, 50,000 or 500,000 
records, the math may mean bankruptcy. Fortunately, you can now get 
insurance to cover these risks.

Network security or privacy loss insurance has been around for just over a 
decade. Initially it was only offered by a handful of specialist insurers, 
like Lloyd's of London. Nowadays, there are more than 15 companies offering 
coverage for security breaches, as well as brokers who can help you find 
the right coverage.

Insurance against security breaches covers two main areas. First-party 
coverage protects you against the direct costs suffered by your business, 
including potential fines, productivity loss, financial damage and even PR 
expenses. Third-party coverage protects you against costs incurred for 
damage to third parties, such as virus damage or identity theft 
remediation.

Healthcare and insurance companies are buying these policies to cover the 
residual risk of a breach that reveals HIPAA-protected information. With 
the large numbers of patients or insured customers, the potential cost of 
a breach can be very high. But it's not just healthcare organizations that 
have personally identifiable information (PII). Large companies have a 
ticking bomb in their HR databases, with Social Security numbers, credit 
details and other PII.

[...]
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
