BreachExchange mailing list archives
fringe: Do you need network security and privacy loss insurance?
From: security curmudgeon <jericho () attrition org>
Date: Mon, 16 Aug 2010 03:10:08 -0500 (CDT)
---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.networkworld.com/columnists/2010/081210-andreas.html

Security: Risk and Reward
By Andreas M. Antonopoulos
Network World
August 12, 2010

If your business manages personal information about health or finances, a security breach can cost millions. HITECH and other regulations not only apply fines, but they require disclosure and notification of those affected. In some cases, companies must pay for free credit reports too. These costs can range from $80 to $200 per compromised record.

The problem for many companies is the sheer volume of information that can be compromised in a single breach. If you lose 5,000, 50,000 or 500,000 records, the math may mean bankruptcy. Fortunately, you can now get insurance to cover these risks.

Network security or privacy loss insurance has been around for just over a decade. Initially it was only offered by a handful of specialist insurers, like Lloyds of London. Nowadays, there are more than 15 companies offering coverage for security breaches, as well as brokers who can help you find the right coverage.

Insurance against security breaches covers two main areas. First-party coverage protects you against the direct costs suffered by your business, including potential fines, productivity loss, financial damage and even PR expenses. Third-party coverage protects you against costs incurred for damage to third parties, such as virus damage or identity theft remediation.

Healthcare and insurance companies are buying these policies to cover the residual risk of a breach that reveals HIPAA protected information. With the large numbers of patients or insured customers, the potential cost of a breach can be very high. But it's not just healthcare organizations that have personally identifiable information (PII). Large companies have a ticking bomb in their HR databases, with Social Security numbers, credit details and other PII.

[...]
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/