• About Us |
  • Follow Us: 
theinsurance411.com logo

The Insurance 411

What you need to know about insurance

  • Essential Property and Liability Insurance
    • All Property & Liability Topics
    • Business Income Insurance
    • General and Auto Liability
  • Specialized Insurance Policies
    • All Specialized Prop & Liability Topics
    • Credit Risk
    • Cyber Insurance
    • Directors & Officers
    • Employment Practices Liability
    • Environmental Liability
    • Professional Liability
    • Surety
    • The Basics
  • Workers’ Compensation Insurance
    • All Workers’ Comp Topics
    • Claims Management
    • Controlling Costs
    • Loss Prevention
    • Regulations
    • The WC Basics
  • Employee Benefits
    • All Employee Benefit Topics
    • Affordable Care Act – “ObamaCare”
    • Benefits Management & Compliance
    • COBRA
    • Dental Insurance
    • Group Disability Insurance
    • Retirement Plans
    • Vision Plans
    • Voluntary Benefits
  • Essential Property and Liability Insurance
    • All Property & Liability Topics
    • Business Income Insurance
    • General and Auto Liability
  • Specialized Insurance Policies
    • All Specialized Prop & Liability Topics
    • Credit Risk
    • Cyber Insurance
    • Directors & Officers
    • Employment Practices Liability
    • Environmental Liability
    • Professional Liability
    • Surety
    • The Basics
  • Workers’ Compensation Insurance
    • All Workers’ Comp Topics
    • Claims Management
    • Controlling Costs
    • Loss Prevention
    • Regulations
    • The WC Basics
  • Employee Benefits
    • All Employee Benefit Topics
    • Affordable Care Act – “ObamaCare”
    • Benefits Management & Compliance
    • COBRA
    • Dental Insurance
    • Group Disability Insurance
    • Retirement Plans
    • Vision Plans
    • Voluntary Benefits
Top Business 411 Stories
  • | How Do Your Healthcare Providers Rate?
  • | Marijuana and Workers Compensation
  • | How to Get Sued By Your Employees in 10 Easy Steps
  • | Employee Dental Insurance for Every Budget

Why You Need a Data Management Plan

November 10, 2014 by The Insurance 411Leave a Comment

Data management plan

Companies who suffered a material data breach in 2013 lost an average of $3.2 million in business.

Each record of sensitive personal information stolen or compromised costs companies an average of $201. That adds up to $5.9 million for every organization that had a data breach.*

When people trust you with their personal information, they expect you to protect it. When something goes wrong and their data gets lost, stolen or compromised, they get angry. According to the Ponemon Institute’s 2014 Cost of Data Breach Study, companies suffering a material data breach in 2013 lost an average of $3.2 million in business. This comes in addition to the cost of remediating a data breach.

Both physical and electronic data can be compromised, but electronic breaches have higher loss potential. An electronic data breach can occur when:

  • Unauthorized users gain access to electronic documents containing personal identifying information (PII) via sharing of passwords, leaving work station unlocked/unattended, etc.
  • PII is posted, in any format, onto the world wide web without authorization.
  • A laptop or smartphone containing PII is lost or stolen.
  • Someone steals data from a laptop or other device connected to an unsecured wireless network.

So…what can you do to protect your organization from data breaches? Here’s three step data management plan:

Step 1: Protect

Ponemon found that organizations with a strong security plan lowered data breach costs by as much as $21 per record. To implement a data protection program, involve your IT team and data end users to identify specific risk exposures.

Consider the following: Where is data stored? Who has access? Who can make changes? How is it protected? Protections include both physical and intangible protections, such as software and procedures. When evaluating physical protections for your data, look at the setup of your data center. Can anyone access your servers, or is access limited to IT staff?
Organizations can control access to sensitive data by:

  • Requiring user permissions and separation of duties. Be sure to document each user’s access to applications and files.
  • Encrypting proprietary or personal data.
  • Restricting access to data from outside the company’s computer network.

Cloud computing creates new security exposures. Before entering into a cloud computing arrangement, check your vendor’s security protocols. Will any ownership/access issues arise? Check your contract with any cloud computing vendors to ensure you retain ownership of your data and that the vendor will not mine it or use it for its own purposes.

Step 2: Plan

The Ponemon survey found businesses with a formal incident response plan lowered costs of responding to a data breach by $17 per record. Having procedures in place can help you quickly collect and preserve data and gather evidence about the incident as soon as it’s reported.

You’ll need to determine whose records have been compromised and how you are going to notify them. On the federal level, the Health Insurance Portability and Accountability Act (HIPAA) protects an individual’s health information. No federal law at this point requires organizations to notify individuals when other personal information is breached, however.

Currently, 47 states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have laws requiring private or government entities to notify individuals when their personally identifiable information is breached. These laws vary and may apply to different types of organizations. They may also have different definitions of “personal information” that trigger a notification requirement. For information on your state’s requirements, see the website of the National Conference of State Legislatures, http://www.ncsl.org.

Involve your public relations staff or counsel as soon as you learn of the breach. Inform your customers and the public sooner rather than later to look proactive. Be honest in reporting how the breach occurred, what you are doing to prevent similar incidents, and what other security measures you are taking.

According to the California attorney general, nearly one in four recipients of breach notices in the U.S. became a victim of identity theft in 2012, more than four times the rate of the general population. For that reason, many organizations offer victims of a data breach a year’s worth of identity theft protection.

Step 3: Insure

The standard general liability (GL) policy excludes coverage for loss or damage to electronic data. You can buy an endorsement that adds a separate sublimit of coverage for loss of electronic data only due to damage to tangible property.

To protect your organization from breach of data due to theft or negligence, you’ll need cyber liability coverage. You can buy this coverage as a freestanding policy or as part of a professional liability policy. Policies vary by insurer, but may cover:

  • Privacy claims: Losses from failing to protect personal information (i.e., Social Security numbers) and corporate information, as well as costs to repair identity theft and to respond to regulatory agencies.
  • Security losses: Losses due to a failure in network security, such as unauthorized access, virus transmission or destruction of software and data.
  • Web or online liability: Losses caused by infringement, defamation, plagiarism or negligence arising from the organization’s web site or social media. Policies might exclude this coverage for publishing or media-related businesses; you might have to obtain a separate publisher’s or media liability policy.

*Source: 2014 Cost of Data Breach Study: United States. Ponemon Institute, May 2014. http://ponemon.org


What Are Your Odds?

A survey by PricewaterhouseCoopers LLP found that information security breach incidents increased 48 percent this year, to 42.8 million, or the equivalent of 177,339 incoming attackers per day.

The Ponemon Institute’s study found that malicious or criminal attacks caused 44 percent of data breaches, the highest cause. Human error caused 31 percent, while system glitches accounted for 24 percent. Security breach risks vary by industry and business size: calculate your organization’s odds of experiencing a data breach at: http://databreachcalculator.com.

Filed Under: Cyber Insurance   •  Specialized Insurance Policies

[wp_ad_camp_3]

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Read more ⤵

  • Business Insurance
  • Personal Insurance
  • Newest Business Articles
  • All Business Topics
  • Recommended Articles
    • Ways to Make Childcare Costs a Little More Affordable
    • Self Funding 101 For Employers
    • Weight Discrimination on the Rise
    • Understanding Consumer-Driven Health Plans

The Daily Blog

Directory Ad for 411sidebar

Register for Weekly Business Insurance Article Updates

  • This field is for validation purposes and should be left unchanged.

Most Popular

  • Ways to Make Childcare Costs a Little More Affordable
  • Title VII Non-discrimination Protections Apply to LBGTQ Individuals
  • Drones in the Workplace
  • Why Stress Is a Work Safety Problem

Attention Insurance Agents

If you are looking for quality insurance content for your own customized newsletter, please visit Smarts Publishing:
https://smartspublishing.com

Business Insurance 411

  • Essential Property and Liability
  • Specialized Policies
  • Workers’ Compensation
  • Employee Benefits

Personal Insurance 411

  • Homeowners Insurance
  • Auto Insurance
  • Life & Health Insurance
  • Personal Insurance Basics

Read More

  • Business 411 Articles
  • Personal 411 Articles
  • Top Stories Business
  • Top Stories Personal

The Daily Blog

  • Newest Business Articles
  • Newest Personal Articles
  • Most Popular Business
  • Most Popular Personal

Copyright ©2019 TheInsurance411.com

  • Home
  • Terms of Use
  • Privacy Policy
  • About Us
  • Contact Us