“I Lost My Laptop. Now What?”
The cost of a data breach
Consider this hypothetical situation:You finish your day at work and pack up your things to leave, taking your laptop with you so you can get some work done at home. On your way home, you stop by the grocery store.You make your purchases and return to the parking lot, and what you discover there makes your stomach turn over:Your car has been broken into.
When you look inside, you realize your laptop is missing.Your first thought is about how much that laptop will cost to be replaced. A thousand dollars? Maybe. But that's not the real cost of the theft.Your laptop contains personally identifiable information for your customers.
Your company has just experienced a data breach.
While most insurance professionals and insureds know there is insurance available to protect an organization facing this scenario, many still underestimate its value and the need for the product. The cost of replacing the laptop is inconsequential when compared to the exposure created by its loss. The data on the laptop is not covered by a property policy, and the liability from losing the data is also not a covered peril. A general liability policy would only provide coverage if there is bodily injury or property damage as a result of the loss of the laptop.
Severity Of A Loss
The Ponemon Institute’s “Cost of a Data Breach” study is published annually and illustrates how costly a breach can be. In the recently published edition, which summarizes the 2010 data, the study shows that the average data breach costs $7.2 million, and the average expense per compromised record is $214. The survey tracked expenses for data breaches ranging from 1,000 to 100,000 records. The least expensive breach cost a company $780,000 and the most expensive was $35.3 million. The average shown in the study does not include mega breaches such as Heartland Payment Systems (130 million records), TJX (94 million records) or TRW/Sears (90 million records), which would have pulled up the average dramatically. It is important to note within the study that $141 of the $214 per-record expense is made up of what the study calls “indirect costs,” such as the loss of customers who stop doing business with the company after learning of the breach, and the costs associated with advertising and public relations efforts to repair the company’s reputation. Notification, credit monitoring, forensics and other expenses make up the balance.
The potential expense from compromised data is large, but not as costly as pretending that it never happened and hoping no one figures it out. 46 out of 50 states have notification requirements following a data breach, and many have significant penalties based on the number of days a firm waits to report a data breach. For example, the State of Connecticut fined HealthNet $250,000 because the company waited six months to report a data breach that impacted 1.5 million individuals. The breach was a result of the loss of a portable hard drive. It’s important to note that the fines and penalties can be levied well in advance of the lost data actually causing harm. The mere potential exposure is enough to draw the attention of regulators. HealthNet, for example, was also ordered to establish a $500,000 contingency fund in case the data was later found to be accessed and used against residents of Connecticut.
The issue of punitive damages has become significant for maritime employers with employees working on maritime vessels since the June 2009 United States Supreme Court ruling in Atlantic Sounding Co. v. Townsend that made punitive damages allowable under Maintenance & Cure. In late 2010, a $25,000,000 verdict was issued in Doe v. Maersk Line Ltd., a case involving punitive damages. As one of the largest verdicts in the United States last year, it points to stormy times for maritime employers. Seemingly small mistakes in handling vessel crew injury claims can now lead to extremely costly punitive damages to your client. A punitive damage verdict…
Competitive Options Exist for Your Client Despite Market Shifts
Mortgage impairment insurance is a policy purchased by financial institutions to protect their financial interests on property owned by borrowers. Home and business owners are required to carry first-party insurance on the mortgaged property to protect their own interests, but what if they don’t buy enough to cover their loan balance or don’t buy the proper coverage? This insurance policy is secondary to the owner’s own policy and protects only the interest of the financial institution. Since the financial institution cannot be certain that every homeowner and business owner will maintain the proper insurance, they run…