Cyber Insurance underwriters have recently become more focused on the data security practices for portable media devices such as laptops, thumb drives and smart phones. Underwriters expect accounts with confidential data to use best practice to help mitigate the exposure, and we are seeing this put into practice as underwriters review encryption needs and use more closely.
Hackers are becoming increasingly successful in breaching security measures at both large and smaller organizations. While encryption is not a silver bullet, it does provide a level of protection from lost or stolen media. In a 2010 study, 46 percent of the lost laptops contained confidential data, only 30 percent of those systems were encrypted, and only 10 percent had other anti-theft technologies (see here). And lost laptops are the leading cause of HIPAA data breaches (see here).
Recent examples:
- BCBS employee loses laptop with info on 850,000 docs (see here)
- Stolen device held 520 patient records from a health office in Michigan
- Theft of laptop from employee home contained sensitive HR information
- Unencrypted flashdrive containing employee information lost during mailing to benefit provider
Physicians smart phone, containing patient records, stolen from car - Encrypted computer stolen from employee house, along with paper with password, contained patient records (see here)
- Stolen laptop contained names, social security numbers and credit cards numbers
A complicating and expensive factor is statutory notice requirements. Many jurisdictions have passed laws and regulations requiring notice to regulators and to individuals whose information may be compromised when a breach occurs, and the notifications costs and the adverse publicity are significant.
Underwriters are assessing the need for encryption by asking detailed questions, and for those accounts that do not use encryption underwriters are increasing pricing, declining risks, or carving back coverage.
Please contact us for a Data Security and Encryption brief, and for more information on Cyber Insurance and Technology Professional Liability insurance. Cyber Insurance is easy to obtain, provides broad protection and is inexpensive (see our prior post here). Our range of markets can provide Cyber Insurance and Technology Professional Liability insurance to all types of technology exposures.
eSpecialty Insurance is your specialty insurance expert. We have developed a streamlined marketplace to provide multiple proposals from a range of competitive insurers, along with expertise to help you evaluate your exposures and choose the best combination of comprehensive coverage and price. We look forward to working with you.
Very interesting article. It is so surprising that big companies dont take cyber threats seriously. But I guess it is costly and not always easy for the insurance companies to assess the risk of insuring information.
Posted by: Studentforsakring | February 15, 2012 at 03:32 PM
Interesting stuff here.
Posted by: White Bear Lake Auto Insurance | November 30, 2011 at 01:15 PM
Its interesting to learn about all the different types of insurance. Great article!
Tommy @ Prize Insurance
Posted by: Tommy @ Prize Insurance | November 21, 2011 at 10:41 AM
I really enjoyed the article. It proved to be Very helpful to me and I am sure to all the commentters here!Keep writing.Thanks.
Posted by: pgp file encryption | November 20, 2011 at 07:22 PM