Data Security Presents a Risk — and Sales Opportunity — for Agents

April 20, 2009

Data security represents a new risk for independent insurance agencies that may not be compliant with data security laws or have plans in place to protect their companies from data breaches.

It also represents a new market opportunity to sell insurance coverage.

Failing to protect data can have a huge financial impact on a company. According to the “U.S. Cost of Data Breach Study” conducted by data protection company PGP Corp. and The Ponemon Institute, data breach incidents cost U.S. companies $202 per compromised customer record in 2008. Lost business is the most costly effect, averaging $4.59 million or $139 per record compromised.

“After four years of conducting this study, one thing remains constant: U.S. businesses continue to pay dearly for having a data breach,” said Dr. Larry Ponemon, chairman of The Ponemon Institute. “As costs only continue to rise, companies must remain on guard or face losing valuable customers in this unpredictable economy.”

There are many types of breaches. Kroll Inc. found that 4.8 percent occur in disposal of documents on computers; 1.8 percent occur with e-mail; 20.8 percent occur because of hacking; 22.4 percent occur because of lost, missing or stolen laptops; and 15.3 percent occur via the Web.

Oftentimes, the data security breaches are a result of not having the appropriate procedures in place to prevent employee mischief. “Typically, we find that technology people doing the work don’t have security background checks but they’re given access to the systems. So we find that a lot of security breaches are done by insiders,” said Thomas Katona, president, managing member of Apogee Insurance Group.

A Prevention Plan

Indeed, one hurdle is that companies often don’t understand the exposure, according to Leslie Lamb, global risk and insurance manager for Cisco Systems Inc. “Cyber liability is fairly new, and we’re all fairly vulnerable,” Lamb said. Companies may not have the right protocol in place to prevent data security breaches, and they might not have clear guidelines to handle a breach if one occurs.

But it’s important for business owners to get up to speed. “If a breach occurs, the ability to respond must be timely,” said Shena Crowe, InfraGard coordinator for the Federal Bureau of Investigation. “Companies only have about 30 days or less.”

“After a breach, a lot of companies don’t know what to do,” said Adam Sills, underwriter for Darwin Professional Underwriters Inc. For instance, companies do not have to send notices to customers for every sort of breach — but if they do, that will incur costs. Although it may not be required by law, many consumers expect the company to offer them credit monitoring, which can be a huge additional cost.

Notification costs $1 to $2 per individual; credit monitoring costs $10 to $20 per person per year, said Nicholas Economidis, an underwriter for Beazley USA. Regulations in 44 states, the District of Columbia, Puerto Rico and the Virgin Islands require that individuals be notified if their data has been lost, stolen, or compromised.

“Having a response plan in place can save a lot of money,” Sills said.

Despite the gravity of the issue, business owners have a false sense of security, according to a recent national survey conducted by Zogby International on behalf of Identity Theft 911. In the study, most business owners indicated data breaches were not the highest priority.

Agent Opportunities

While it is challenging to keep up with technology, that constant change is also what makes this a good time for independent insurance agents to be selling coverages to help protect their clients.

“It isn’t a matter of if an exposure might occur, it will occur,” Katona said. “Ninety-eight percent of the time, companies have voices in their secure data information that will expose them, with things like HIPAA (Health Insurance Portability and Accountability Act) information, credit card information and people’s home addresses. … I would guess that 5 percent of the world has coverage for secured data. That’s only a guesstimate, but it’s an enormous market, even for main street businesses that are doing credit card transactions.

“I think agents, in a soft market, should be paying attention to the emerging coverages. This is one of those coverages, and one that most of their clients probably do not have,” Katona added. “I think when they talk to their insureds, they will find that they are concerned about it.”

Of course, agents and brokers must educate themselves if they are to help their clients. Katona offers suggested questions for agents to ask their clients:

  • Does the client transact business over the Internet?
  • Does the client move information to another party over the Internet?
  • What are the underpinnings of the client’s technology?
  • Does the client have a firewall?
  • What processes and procedures are in place for things like encryption?
  • What processes and procedures are in place for people accessing company computers?

“Spend time to manuscript coverage to match the client’s exposure,” Cisco Systems’ Lamb said.

Above all, agents should take steps to ensure they’re covered themselves. The Gramm-Leach-Bliley Act requires companies to have security measures in place but Katona says “98 percent” of the agencies he deals with are not compliant. “As … insurance agents and brokers, we have a responsibility to protect that data.”

Web Resource:

More information on state data breach laws is available from the National Conference of State Legislatures at www.ncsl.org.