ITA Pro Magazine - February 2014

Insurers of all sizes face ever-expanding risk in cyber security, including new threats, increased regulation, and a burgeoning amount of data. Information that was once considered locked behind corporate firewalls is now spread across the extended enterprise thanks to cloud computing, mobile, and other distributed technologies, creating challenges for even the most seasoned security professionals.

“The whole perimeter is now gone,” says
Thomas Dunbar, senior vice president and chief
information risk officer, XL Global Services.
“There are so many third parties you share data
with and so many ways in and out of your infra-
structure, that it’s a huge challenge to constantly
The hard-dollar cost of a data breach is one
component of risk. “We can figure out worst
case scenarios,” from a cost standpoint, says Kirk
Herath, vice president, associate general counsel,
and chief privacy officer, Nationwide Insurance
Companies.

“It’s a pretty easy formula: the number of
records at risk times what it would cost to mail
notification responses, the percentage of people
who would take credit monitoring and protec-
tion, and the scalability concerns associated
with a large breach, such as the need to rent a
service center” during the remediation period,
Herath adds.

According to research by the Ponemon Institute, the breach cost per record is $188. Insurers who underwrite cyber liability coverage also have their own experience with customers’ data breaches. In the latest study by NetDiligence of cyber claims paid by insurers, the average claim was $954,253, which included legal settlement, legal defense, and crisis service costs.

“There are also the cost of forensics to assess the cause of loss. Then, you’re likely to get a class action suit you have to defend and, because you do business in a highly regulated industry, you’re likely to get investigated by regulators and need to retain outside legal counsel,” Herath says.

However, the hard-dollar cost is only part of the loss companies face. “You can recover financially from a breach, but you have to worry about what it will do to your reputation,” Dunbar says. “Reputational risk comes up constantly in our

One word that scares insurance executives, from CEOs down to network administrators is “hacked.” The loss of data and an inability to run the company website are bad enough, but the reputational risk is even more of a stain for the enterprise.