Cyber Risk insurance underwriters have recently become more focused on the data security practices for portable media devices such as laptops, thumb drives and smart phones. Underwriters expect accounts with confidential data to use best practice to help mitigate the exposure, and we are seeing this put into practice as underwriters review encryption needs and use more closely.
Hackers are becoming increasingly successful in breaching security measures at both large and smaller organizations. While encryption is not a silver bullet, it does provide a level of protection from lost or stolen media. In a 2010 study, 46 percent of the lost laptops contained confidential data, only 30 percent of those systems were encrypted, and only 10 percent had other anti-theft technologies (see here). And lost laptops are the leading cause of HIPAA data breaches (see here).
- BCBS employee loses laptop with info on 850,000 docs (see here)
- Stolen device held 520 patient records from a health office in Michigan
- Theft of laptop from employee home contained sensitive HR information
- Unencrypted flashdrive containing employee information lost during mailing to benefit provider
Physicians smart phone, containing patient records, stolen from car
- Encrypted computer stolen from employee house, along with paper with password, contained patient records (see here)
- Stolen laptop contained names, social security numbers and credit cards numbers
A complicating and expensive factor is statutory notice requirements. Many jurisdictions have passed laws and regulations requiring notice to regulators and to individuals whose information may be compromised when a breach occurs, and the notifications costs and the adverse publicity are significant.
Underwriters are assessing the need for encryption by asking detailed questions, and for those accounts that do not use encryption underwriters are increasing pricing, declining risks, or carving back coverage (see here).
Please contact us for a Data Security and Encryption brief, and for more information on Cyber Risk and Technology Professional Liability insurance. Cyber Risk insurance is easy to obtain, provides broad protection and is inexpensive (see our prior post here). Our range of markets can provide Cyber Risk and Technology Professional Liability insurance to all types of technology exposures.
Specialty Insurance Expertise: Tennant Risk Services
Content © Worldwide Facilities, LLC, 2005 - 2019 | All Rights Reserved.