BreachExchange mailing list archives
College officials wary of ‘cyber insurance' for private data
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Sun, 15 Aug 2010 00:18:08 -0400
http://www.themonitor.com/news/officials-41652-insurance-college.html Officials at both of Hidalgo County’s public institutions of higher learning said they would rather rely on preventive measures than buy costly “cyber insurance” to protect against threats to their data security. Representatives from the University of Texas-Pan American and South Texas College said they were confident in the rigor of their information security systems. They see little value in cyber liability policies, which other higher education institutions across the nation have purchased to offset large expenses following a data breach. “Rather than spending money at the back end, use your resources to prevent (risk),” said Bob Lim, UTPA vice president of information technology. “There’s better use in working to fight intrusion than being scared of it.” UTPA’s network receives about 4 million attacks a year, Lim said. But adding new layers to security would be better than buying what might be an unused insurance policy. Members of STC’s board of trustees also said they trusted their security network on July 26, when they voted to gather more information before making a decision on a $50,000 cyber liability policy. Steven Bourdon, STC chief information security officer, said conversations with other college IT departments confirmed his belief that cyber insurance was better suited for e-commerce organizations. “The number one thing for us is reputation,” he said. “If there is a breach, how would you monetize the effect on reputation?” Like Lim, Bourdon said his department constantly evolves to change encryption technology, firewalls and antivirus protection as online threats become more complex. Both also said constant vulnerability assessments proved the integrity of their security systems, but should things go wrong, both colleges had plans in place to inform affected individuals of a breach. “At the end of the day, prevention is just the best bet,” Bourdon said. Yet making that kind of risk assessment is not a good plan, said David Navetta, founding partner of Information Law Group, a firm involved with privacy, security and technology law. [..] _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Get business, compliance, IT and security staff on the same page with CREDANT Technologies: The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives. The eBook begins with considerations important to executives and business leaders. http://www.credant.com/campaigns/ebook-chpt-one-web.php
Current thread:
- College officials wary of ‘cyber insurance' for private data Jake Kouns (Aug 15)