Thursday, April 3, 2014

Spotlight on Data Breach

In 2013 alone, Americans reported 47,000 data breach incidents totaling a staggering 44 million compromised records. As technology explodes, so does our exposure to technology related claims. Information is everywhere we look and more accessible than ever. Exposures never used to exist are now at the forefront of many companies’ liabilities.

Apply for Technology E&O Here
Send Applications Here

The business functions that are most at risk include E-commerce, credit card processing, website design, consulting, data storage and technical support. This list doesn’t stop there. Everyday, hundreds of businesses are exposed to cyber liability. A security breach could result in losses of hundreds of thousands or even millions of dollars, not to mention an incalculable loss of reputation. What many businesses don’t realize is that even the most costly risk exposures are often the result of simple mistakes and oversights or out of your control completely. Cyber Liability policies can give you the protection you need. Additionally, many of these policies will also help you to prevent these careless mistakes through risk management services and, in certain cases, a “Breach Coach” to help contain costs in the event of a loss.

How is Data Breach Defined?

One of the most complicated aspects of Data Breach liability is that is defined differently everywhere you go. All but four states have enacted data security and breach notification laws with individual definitions of personal information, notices required and appropriate coverage. When it comes to Cyber Liability, every customer’s needs are unique and may fall under a number of different coverage options.

Data Breach in the News

In 2013, US experienced the highest total cost of data breach worldwide with payouts averaging $5.4 million per breach. Small and medium company data breaches in particular have skyrocketed. Take a look at some high profile data breach stories that have been making recent headlines.

University of Maryland

The University of Maryland College Park reported two data breaches within two weeks for the month of March following an unrelated massive breach of 288,000 individual’s personal information on February 18th, 2014. Twice within a short period of time, someone was able to hack into the school’s computer network and obtain personal information. February’s breach was even worse, compromising social security numbers and birth dates of all those who received university IDs since 1998. Since, the school has taken action to remove a number of university websites and beef up their security. The FBI and U.S. Secret Service became involved to address the issue. In a letter to University of Maryland Administrators, Ann Wylie, chair of the President’s Task Force on Cybersecurity, announced plans for the University IT staff to invest massive financial and personnel resources to better protect the University’s information.
Maryland Source 1
Maryland Source 2

University of Delaware

In July of 2013, hackers launched a cyber attach on a University of Delaware computer system, exposing as many as 72,000 personal records. The hackers were able to exploit a flaw in the schools software and steal names and addresses in addition to Social Security and university identification numbers. The University of Delaware is currently looking at $13 million to $19 million in costs as a result of this breach.
Delaware Source 1

First American Bank

In February of this year, customers at First American Bank were advised not to use debit cards, or any other cards, in local taxis following 500 reported fraudulent chargers totaling $62,000. The bank alleges the breach occurred after customers used cards Chicago taxis. National Cyber Security Task Force members believe the breach itself occurred while credit card information was transitioning through outsourced processing systems. Currently this incident is under investigation and all parties involved face serious financial losses.
First American Source