Can CyberInsurance Shore Up Data Insecurity?
Baker Hostetler partner Judy Selby asks, "What do Sony Corp.'s PlayStation Network, Zappos.com, Hannaford Brother Co.'s grocery stores, and South Carolina's Department of Revenue all have in common?"
If you answered serious data breaches involving the personal and financial information of over 100 million users, 24 million customers, and 3.6 million unencrypted Social Security numbers respectively, you get the gold star.
But now that data breaches are rampant — with a Ponemon Institute survey reporting 50 organizations experiencing 72 cyberattacks per week — not to mention the compliance issues these attacks raise with federal laws such as the Health Insurance Portability and Accountability Act and Gramm-Leach-Bliley, what are corporate entities expected to do about it?
Selby suggests some of the issues raised by cyberattacks can be met by the aptly named "cyberinsurance." While some may see hype and scareware in this growing line of coverage, Selby lists some of the benefits of cyberinsurance policies, which can range from covering violations of privacy laws that includes paying fines to "cyber-extortion," or meeting the expenses of a threat to disrupt a company's (or law firm's or government agency's) computer systems. Coverage is also available for threats to or attacks on a policyholder's reputation.
Another area covered under the cyberinsurance umbrella is cloud computing, since, as Selby writes, "Cloud customers may not be able to contractually transfer the risk of data breaches to the provider." Some might argue that if a cloud provider doesn't have its own policy in place for cyberattacks, don't sign the contract and seek out a safer cloud. Others might counter you should find coverage where you can.
Read the full article on LTN online.
Image by Dan Hilowitz