|
|
PRESERVING PRIVACY
With Scott Schleicher, AVP, Manager – Technology E&O
and Robert Anderson, AVP, Senior Underwriter – Select Professional
At airports nationwide, 12,000 laptops are lost or stolen each week. That tallies to an estimated 624,000 lost or stolen laptops annually. For many professionals, a laptop is a technological lifeline – their 24/7 connection to their office, colleagues, customers, proprietary data and so much more. Given the value of what's inside a laptop, it is even more surprising to find that only 33 percent of laptops left behind at security checkpoints are ever recovered – most reunited with their owners before their flight takes off. The other 67 percent are never retrieved or recovered.
“We’re all hooked. We rely on technology – from blackberries to cell phones to memory sticks – in both our professional and personal lives,” according to Scott Schleicher, Assistant Vice President and manager of XL Insurance’s Technology E&O Products. “Technology has made our lives so much more efficient giving us access to loads of information quickly and allowing us to conduct business and organize our personal lives with a few taps on the keyboard.”
“Yet, our day-to-day interaction via technology and our dependency on it has also made us very vulnerable. Just one missing laptop can turn into a serious problem for any organization,” said Mr. Schleicher. “No industry is immune to potential privacy breaches, but technology companies – those tasked with providing the hardware or software, online services and often data protection – can find themselves particularly exposed to not only financial, but reputational damage as well when information is compromised.”
What’s a company got to lose? Plenty. For one, companies conducting business in the United States must manage myriad changing privacy regulations which often require them to immediately disclose, usually in writing, to their customers any breaches of personal information. The costs involved with notifying customers about breaches can be substantial. According to Ponemon Institute's Fourth Annual Cost of Data Breach Study issued in January, the average cost of a data breach has risen to $202 per customer record in 2008 from $197 in 2007.
In addition to the operational expense of notifying customers, when a breach of private data occurs, technology companies may find themselves paying for costs related to crisis management efforts, restoration or reconstruction of data at the same time they may be dealing with a potential decline in their own revenue. In addition to handling their own expenses, technology companies are also susceptible to potential third party claims: general damages, out-of-pocket expenses related to data restoration or credit monitoring services, contractual fines and even shareholder lawsuits.
“Especially when your industry is technology or relies heavily on technology to do business, a headline-making privacy breach can be especially costly,” said Steven Anderson, AVP and Senior Underwriting in XL Insurance’s Select Professional group.
For instance, Business Week recently reported on the security breach of Heartland Payment Systems, the fifth-biggest payments processor in the U.S. Hackers had intruded into Heartland’s network in 2008 and the result is being called the largest-ever criminal breach of credit card data. Security experts estimate that as many as 100 million cards issued by more than 650 financial services companies may have been compromised. So far, Heartland has recorded $12.6 million in expenses related to the intrusion, including litigation and fees. Even with the threat of class actions, the company made the bold decision to speak publicly about the incident in order to encourage other businesses to share information about attacks in a more concerted fight against cyber criminals or hackers, who are becoming better organized across the globe.
Heartland knows they are certainly not alone. There is no shortage of privacy breach incidents in the news. In another recent study conducted by the Ponemon Institute – the 2009 Annual U.S. Enterprise Encryption Trends Study – 85 percent of the 997 survey respondents experienced at least one data breach in the last 12 months.
“Companies are recognizing they have tremendous risk to identity and security breaches and are closely examining their risk management strategies, including employee training and insurance, to reduce their exposure,” said Mr. Anderson.
According to Mr. Anderson, preventing a potential loss is always the first step in wise risk management. For instance, to minimize their potential privacy liability, companies are wise to:
- Train employees and contractors to understand their responsibility in the protection of data assets.
- Ensure that mobile devices are encrypted and that employees understand the organizations' policies with respect to downloading sensitive information and working remotely.
- Make employees aware of the precautions that should be taken when traveling with laptops, PDAs and other data bearing devices.
Additionally, a variety of Technology E&O products from the professional liability market today protect technology companies from claims if they are held responsible from programming errors, software performance, or the failure of work to perform as promised in a contract.
As the world becomes ever more interconnected and dependent on networks, laptops and personal handheld devices, protecting privacy is going to be a big risk management challenge for all industries. Technology companies in particular will need to reinforce their risk management efforts to assure they can keep their customers' information and trust carefully protected.
|
|
INsight is an XL Insurance publication. Copyright 2010. All rights reserved.
"XL Insurance" is a registered trademark of XL Group plc and the global brand used by its insurance company subsidiaries. Coverages are underwritten by Greenwich Insurance Company, Indian Harbor Insurance Company, XL Insurance America, Inc., XL Insurance Company of New York Inc., XL Select Insurance Company, XL Specialty Insurance Company, XL Insurance Switzerland, XL Insurance (Bermuda) Ltd, XL Insurance Argentina S.A., XL Insurance, Mexico S.A. de C.V., and XL Insurance Company Ltd. Coverage placed with Lloyd’s Syndicate 1209 are managed by XL London Market Ltd and supported by an XL corporate member at Lloyd’s. Lloyd’s ratings are independent of XL Group plc. Not all of the insurers do business in all jurisdictions nor is coverage available in all jurisdictions.
If you have any feedback or suggestions on INsight, please contact Sarah German, Vice President, Marketing & Communications, Americas. Sarah.German@xlgroup.com. 505 Eagleview Blvd, PO Box 636, Exton, PA 19341 • 888-609-2518 • 800-327-1414 • www.xlinsurance.com
|
|
|
|