Insurers of all sizes face ever-expanding risk in cyber security, including new threats, increased regulation, and a burgeoning amount of data. Information that was once considered locked
behind corporate firewalls is now spread across
the extended enterprise thanks to cloud computing, mobile, and other distributed technologies,
creating challenges for even the most seasoned
security professionals.
“The whole perimeter is now gone,” says
Thomas Dunbar, senior vice president and chief
information risk officer, XL Global Services.
“There are so many third parties you share data
with and so many ways in and out of your infra-
structure, that it’s a huge challenge to constantly
The hard-dollar cost of a data breach is one
component of risk. “We can figure out worst
case scenarios,” from a cost standpoint, says Kirk
Herath, vice president, associate general counsel,
and chief privacy officer, Nationwide Insurance
Companies.
“It’s a pretty easy formula: the number of
records at risk times what it would cost to mail
notification responses, the percentage of people
who would take credit monitoring and protec-
tion, and the scalability concerns associated
with a large breach, such as the need to rent a
service center” during the remediation period,
Herath adds.
According to
research by the
Ponemon Institute, the breach
cost per record is
$188. Insurers who
underwrite cyber
liability coverage
also have their own
experience with
customers’ data
breaches. In the
latest study by NetDiligence of cyber
claims paid by
insurers, the average claim was $954,253, which
included legal settlement, legal defense, and crisis
service costs.
“There are also the cost of forensics to assess
the cause of loss. Then, you’re likely to get a class
action suit you have to defend and, because you
do business in a highly regulated industry, you’re
likely to get investigated by regulators and need to
retain outside legal counsel,” Herath says.
However, the hard-dollar cost is only part of
the loss companies face. “You can recover financially from a breach, but you have to worry about
what it will do to your reputation,” Dunbar says.
“Reputational risk comes up constantly in our
One word that scares insurance executives, from CEOs down
to network administrators is “hacked.” The loss of data and
an inability to run the company website are bad enough,
but the reputational risk is even more of a stain for the
enterprise.
OF IT ALL