Protecting Against Data Breaches
If your company has yet to experience a data breach, it’s probably only a matter of time. In a 2007 survey commissioned by law and technology services firm Scott & Scott, LLP, entitled “The Business Impact of Data Breach,” 85 percent of respondents indicated they had already experienced a data security breach at some point.
Perhaps even more alarming is the fact that once a breach did occur, many of the companies did little to prevent a future breach. According to the survey, 46 percent of the respondents admitted they did not implement any type of data encryption solution after the initial breach was discovered.
Potential Impact of Data Breaches
When a data breach does occur, the impact can be severe and far-reaching. A Ponemon Institute survey of 45 U.S. companies reported that the number of compromised records in these companies in 2009 ranged from 5,000 to 101,000, with the overall cost per company ranging from $750,000 to $31 million. The average cost per breached record was $204.
Costs associated with breaches can include liability claim settlements, legal defense, and crisis management, among others. Organizations in industries such as health care where HIPAA compliance is mandatory may also face severe fines if they fail to take appropriate data and privacy protection precautions. In addition to the financial ramifications, companies can experience significant damage to their reputation in the aftermath of a data breach.
Breaches Are Inevitable
Breaches can occur in any number of ways; negligence and inadvertent disclosure of private or sensitive information are common causes, although many breaches are the result of malicious activity such as computer hacking. According to Chris Poulin, chief security officer for Q1 Labs, a subsidiary of IBM, it’s important to recognize that breaches are inevitable, and the worst thing companies can do is to ignore the fact that the threat exists.
Steps You Can Take to Prevent a Breach
While you may not be able to prevent breaches entirely, Poulin indicates there are three steps you can take that can significantly reduce your risk:
1. Implement security technology that meets the needs of your business. Factors to consider when selecting a technology solution include its ability to control the flow of information across the organization, its ability to control user access to information, and whether it enables you to encrypt essential data where necessary.
2. Implement continuous configuration management processes. This helps to limit access to your network to what is needed to meet specific business requirements.
3. Address areas where you are most vulnerable. Making use of vulnerability scanner programs can help you identify at-risk areas in your computer network.
It is also essential to follow up frequently to ensure your security measures are up to date so that you can stay one step ahead of the constantly evolving security threats that can lead to data breaches.
Data Breach Insurance
Be aware that standard business insurance policies typically do not cover losses involving data-related issues. To minimize the impact of a breach if it does occur, consider purchasing an increasingly popular type of coverage known as cyber insurance. Depending on the policy, cyber insurance can provide coverage for:
- Data breach costs: includes victim notification, liability, and various crisis management services
- Regulatory civil action coverage: helps to pay fines assessed for HIPAA and other regulatory violations
- Cyber extortion coverage: pays when unidentified hackers attempt to sell back data that they steal
- Virus liability: covers losses incurred by others who claim to have acquired a computer virus from your system
- Content liability: covers lawsuits due to potentially injurious or plagiarized content that may appear on your company’s website
- Lost income coverage: replaces missing revenues that occur when your company’s website is temporarily offline
- Loss of data coverage: pays to replace data lost as a result of accidents or hacking
- Errors and omissions: covers losses that occurred due to software failure
Just as healthier individuals stand a better chance of getting affordable life insurance coverage, companies that implement stringent security practices are more likely to qualify for the most cost-effective and comprehensive cyber insurance coverage.
One factor that can significantly reduce your company’s premium is taking adequate steps to encrypt data.