Data-breach protection: Security, privacy insurance

Can someone else access your company and customer data without your permission? Approximately 1.1 million identities are exposed per breach or attack and over 232 million total, in 2011 alone. Small firms are just as vulnerable as large firms. Your business may have every safeguard in place and an attack can still happen. Fortunately there is insurance coverage available to protect you and your business. Here are some examples reported recently of data breaches:

A nonprofit charity accepts credit card donations. In some cases the donor authorizes the charity to charge a recurring monthly donation. The charity retains the donor’s credit card information to support the preauthorized recurring donation. A hacker penetrates the charity’s network and steals the credit card info. The hacker sells this information to an ID theft ring that uses it for unauthorized withdrawals or charges. The donors then sue the charity for damages.

A business owner found his online banking hacked, nine new employees added to his payroll register and $63,000 transferred to those “new” employees. The owner learned about it at 7:45 the next morning, called his bank to freeze the account but three of the payments were already wired out of the fake employee’s accounts to accounts offshore.

Insurance can provide liability protection such as network and information security liability, communications and media liability and regulatory defense expense coverage. Add to that coverage for crisis management expenses, security breach remediation and notification, computer program and electronic data restoration, computer fraud and funds transfer fraud, and you can begin to see the wide array of possible ramifications to a business. No matter how large or small your business is you may need this type of coverage now or in the future.

There are substantial financial costs to finding and remedying a breach to your companies’ data. Additional fines and legal costs are also possible and can be covered. There are subtle differences to the coverage’s available for data breach, cyber liability or privacy/identity theft liability policies. Limitations may include limiting coverage to “ecommerce or web activities,” and exclusions can include “claims arising from operational or programming errors.” Other possible exclusions include the insured’s failure to provide adequate notice regarding the purpose for collecting private information, and limitations are possible for types of media such as PDA’s, cell phones, iPods etc.

Remember: With one stolen laptop or smart phone, one resourceful hacker can access your company’s and also your customers’ data. A comprehensive solution to the many types of loss that are possible is available. A thorough evaluation of your risks and needs will help you determine the coverage you need to keep your business, ”in business” should such a breach happen. Pricing can run from $150 for an added $25,000 in protection to $2,800 for $1 million of protection and more. Some insurance companies even offer pre-loss breach prevention services to assist you in building your security defenses.

Ponemon Institute estimates it costs a business $194 per record stolen to cover their exposure to the customer. If you had 1,000 customer records stolen — or 5,000 — what would you do? Potential types of loss are going up by the day as hackers think of new ways to use your data.

Brad Pearce, a 35-year veteran of the insurance business, is an owner, officer and broker with A and H Insurance Inc. in Reno. Contact him at bpearce@aandhins.com or 775-829-2600.