Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Dark Day Planning: Insuring Against Data Loss



 By: Matt Hines
2006-12-15
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
As the financial penalties and risks associated with potential data incidents continue to mount, enterprises are seeking out insurance policies that will help them when something goes wrong.

The list of data breaches involving sensitive personal information maintained by the Privacy Rights Clearinghouse achieved a significant milestone Dec. 13, as the nonprofit group saw the total number of records exposed in such events crest the 100 million mark.

Since the PRC first began tracking data losses in February 2005, when consumer data aggregator ChoicePoint reported that fraudsters had gained access to 163,000 consumer records, most states have passed legislation forcing companies to inform individuals when their information may have been lost. The laws also essentially compel companies to admit their mistakes publicly.

Threatened by financial losses related to data leakage events, which now include potential payouts to consumers and regulators as well as revenues lost because of damage done to their corporate reputations, enterprises are turning to their insurance brokers seeking new levels of protection.

"The impact of those breach notification laws is just starting to permeate through business because of all the press given to the events and the growing expectation for companies not only to notify customers but also [to] pay for services such as credit monitoring," said Nancy Callahan, vice president of the Identity Theft and Fraud Division of insurance giant American International Group, in New York.

"The costs for informing and supporting affected consumers can be expensive, and theres also the additional cost of regulatory investigations and civil lawsuits."

Resource Library:

As a result of the widening impact of data losses, AIG has seen its business of providing insurance for potential corporate security failures shift increasingly toward protection for privacy-related risks. Another growing driver for new forms of insurance is the many government data compliance regulations that threaten stiff penalties for companies that cannot effectively defend their information, such as the Sarbanes-Oxley Act, according to Callahan.

The parameters of these newly crafted insurance policies are determined by the size of the company, the volume of data it handles and the level of protection it has established to protect IT infrastructure.

At an Information Technology Association of America conference in Virginia in November, U.S. Rep. Tom Davis, R-Va., told security experts that he believes private companies and government agencies are failing to report all their data losses, partly out of fear of the financial repercussions.

As an example of the potential fallout of a serious breach, researchers point to the Department of Veteran Affairs laptop theft incident in May, through which the agency exposed the records of an estimated 28.6 million former servicemen and servicewomen.

If the class action lawsuit currently pending against the agency in Washington—which seeks damages of $1,000 for every person listed in the missing files—were to win a settlement for every veteran affected by the information breach, the government would be on the hook for $28.6 billion.

More recently, on Dec. 12, the University of California, Los Angeles reported that a database loaded with the personal information of current and former students, faculty and staff was hacked by outsiders. The massive breach is the type of event that will push more states to put strict data protection laws on the books.

Researchers warn of security expertise shortage. Click here to read more.

"In next two years, all 50 states will have similar laws in place patterned after Californias 1386 law," said Robert Scott, attorney with Dallas-based Scott & Scott, which specializes in IT compliance law. "As a result, there are a lot of companies doing assessment of insurance coverage right now. Many dont even know what their existing coverage for these events may be or whats available."

Researchers say the majority of identity fraud is still carried out by traditional means, such as dumpster diving and credit card schemes, but indicated that the perceived risk of ID theft via the loss of electronic records will likely continue to present businesses with new financial liabilities.

However, the proliferation of state data-handling laws and compliance regulations should actually make it easier for enterprises and their insurers to prepare for potential mishaps, said Larry Ponemon, chairman of Ponemon Institute, in Elk Rapids, Mich.

Information losses cost U.S. companies an average of $182 per compromised record in 2006, compared with an average loss of $138 per record in 2005—an increase of about 31 percent, according to a report published by the Ponemon Institute in October.

"Im not surprised at all that the insurance industry is starting to take advantage of this, only that its taken this long for the market to develop," Ponemon said.

"But without the automatic penalties created by the laws, it was hard for them to underwrite the risk. Business executives are troubled by the idea of how you define the risk of a catastrophic system blowup or breach involving millions of customers, so insurance companies are seeing the potential for a fairly serious market for policies that help mitigate these risks."

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK Security Watch blog.



  Reader Comments: Dark Day Planning: Insuring Against Data Loss
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Matt Hines
 


x}r㶲s\@♵M=ҔlcؖI*EBc")_/Oo<xӅ|L'cKh4Fw?H9wur56%SE}"I{C(`RϩIzNڶ? }~mksu;z=>;|9|AL=TadB$kwtL|ϨTS_Fܨ[`&`1ZlR!j 9i?xi='@IR(#ѺC(D=ߵ-m: \'|7*UnSp{ca_ʞz5"h4"j;^7w2 w:bq:!l m׸ڮU ؓ ۭ@5l"s9ȹ׳03dc7l#205b )V,"&3ýе:s z08ryj5jfO-=K;O=k\w=jP?bA2xư!$ne$DJHn6,uUj)BmMϳؖcqH8CEnU [۾tsyHfe$ENX*o~cn!LjXvL<:CYͼaF3l˸;4 HSKVUBX)ڑ^rӽm˙?X8NϿΕiR]vήr$QPw;@ږu`(.:'^O.a@ X_d}+5UJ`Z. G$/ Z@WP u/kzQҏZ-_ ԊhGZAAvIna̳| 3+i3*5dNߒ-~k~>E,[3sAT4 ̠K`W+eP9m<_st.[ݛ9^VSCV=BCj`BӹciueUo~vO|SQ&:aZ+U#3?_$>wNHN‰,-90omYn_H.)T|Y|ěy30si2)>ML9Zut+UkoU:^&T7o`2 4 ]=w a4zALt&:h)5?&Țb.L2o<|)mR—U/(AK/- 5f>]R${3BDȝ`g/3A.r)i `o8{ØWX\E< [˚&zlNTVʒ0Wb{g(QO .uƍv"e.ڽ^C8^%gk,]ev"JB0qjۛZ\MWJPX=*‹JMU~ _p-~~b2B cgLt `: 0hvz?>RӚOCqOCGs>H2AG66^zK tcb>'a p|w͇v1s/|\aR֔zNj$nh-D&q}@9qHhQ0<sz0Y[Sσ5[ JCˋF0P6xBe^~>axs݀ܧPr`@=XS9;ݲeǀxԜЇuKw2J}cn ȣI.B$(ZȻB!Alq [$p XV0(VFZzGBjK%6Os@PGҹ;vjP*τbZ z)0ٜʬ$5M X*ȉ#m"0%X ,gZ Xk5 Z)m *LBOzgؕJVȊ*/ğ.w<-qF}`&1 7R'~Xz /,ÂIșuS9=L{"0-f ӛmSZԛ01M,dk6q?:2` Mbb6g{A3uOP#'Կ ;7ס.g;N/=\҇1 4fכ d50J%gYA3'|(@]4>+WUPÃ"`"+42[m̞w(V֌f;NrB@S*,H@fmdz?;Oq)2Sf$),4tOݡ~~uVkCT]^u 9R@{4 m 246@Ȱ\k_X5QW(:,)T saŰ,Bl6<E9̆ɨ_-iMf@v:=F5}n&V/U OG,m+ZrirX,y|-lD0(2n( 鿙R&a+\ڨOaOwAsm0Ho[=<fM\?&BXt+@Zl&VUmTHbyq 0b={1rt\Xtf²읶ה])ϥ_(̧6y+D*> 0f&6X#˦>oُgWKHZSYClX.)Uij"yd\s˰e0:f}<~A+p& >FkwYвJzu6$\.(J9)` N 2&|h:|#H& ,w\d0!P\Q-W0.#_L_LU1(TOnQE^~~ VKŴ谢zԘ{}Qː 0gted->흧 IR-frheU-UjR9_VqTG"MϨpt1Տ'8*z)cʜEo(SYmq'&F.,ex.N3 a6}b;_&*|)2SG)EXqkX #=O f+(U|dy5&QrMuE l&ŏh(UrvݏC~=բ,A7ud*+ZR<*rmn,: /6" ޜbl[ ezפ\+ԕKOe3q18@X=x}d6 5C+jBgyr `3O?#[IdYyVum4uH"5Hq+$˴I>N0atA*}/*\&IvSf﩮 Ϛ8_arOn{W90J$7rQӊ5JR}'0LQ@Z: GYdQ.|eR)*`7%ɠK= j \|V n&RB'T5˓$/IYO)Eqjhd꒐~~ i&'ءXґ۳]5/'8 $O krwisq/Psa%dcgKe s KqkP I<+ `-;|C?SJ[LXuT䵤 g[YUHN~@R>Cp0S`0#!9˫|1}~XU*۽N H1s ذq ;eΫ P|v ,N՗?݁CO6r=ICo6OG2M .`Y #z} D{O,ikn;;=?P.zZĩUrcc䰎Ml3,LjDžܳbt`?%>iפyja~%X@RoAt#k5yׅO>4wX\/f8#-[_:Fg 'oc Ǿv/; ?-l-8cP!OhSϏ%٘NBEWU-u+lko(rYpJeOVr{ѡhd,#^d1 0d&zvA JGs`̞xqK7׷bRcR?A?'Lw.z@z@pSx6{Zg%QJW=(qM@kjiAr\<~^YZ䑽أp l$>?GB"fFcME[ofO<|nF?9bqĨ`box?r`f[w!rxVnQۮje&;R+x6uLgFgC73}^'p8xn!-eQ%̺Z,?FP=OFIς)٣N\?Grʎղ3V.<Vo'"Y 0ryuLSIhK%^1ӿc\|tf]9<,3ݘtP^"gTtw;}&JI)@.=\7./[䂟5|ǍfsSTG+d(΀,`S6AAX>fNzR(}ILN8u0_BddAWAgyV ̊ R]n!64qs AhӔ׆.CL'C1QHU(bҨS" * /LU㦔g,V b MKJ^I?xE^\Vb D*<0߶L*bV-_Ƕ&ecKnm%/2[]nGi)# i|N@ؠnS/X 3%J+3.pC%X 5⍗!Mz7!s&<͆}(6:9IԺNPV~Pb(Y [cm5Bɔv0rzYwjAL0 [8RJ4QK?|b{v!#=8LS2;-?e7!쯊3o,V&e ƌ #Qo۶ԁURKn ҕ;fk&8Ʌ>!$z$!ȧHk &noT LVږ Og2rOW:P!梓N{̢ZJz_=vԒo,=i R*+Pp?0ҥHM_:MsCn.gxn`Fx_xaBlUwb.,URmRfG$)Jgl4OIzYw(`)571/z9He 9HθWaY-IBh(t~=Z`ҦdRoLz0јxIW;VcWcH.al$L]jl.a{. Tk-R\ It >mx/2xnIMFAi pg$=Lz\$Z@mɧ/gd>=z@{mFLRFݦ63&Gxjxa$=*'%g_"!"2~s!Am׍n /dpm*uqxf`Ho?XΙ,"$M el'kB].!|||||;5kIh+P`K^,g[&$~/Ӹ|;7 пƆ TٍS͂{D GA<1<>xu Eqnu_3&Twq,]^POY`~K} /|Kl\@z@_$DP|s\7LxDّ _x}?Y4Y*: IԼ1ܥЩ&ƅ6ɪAD…7z,[&6IOMQLXqJFY]>r4N}(M/ wDDN>hFGjx`~RKNRtt=w $_EI?aXO/K(^ex8ڌw$-}UoW+z.N_J_灂3tϢ`౎P~Q fo6GwqxO|j:6:E=a愬 ,ro<6IScC{cRVJZ o;ʑ;v5 vJX op\qSWfL?徸Kj/:e\rO|k N+IצK%fgf51 NMIfxm$5?h۾a+@m\3ն->NƋw{O`YmZسG]J>6ec5H n%iYw>,o&zpy{¡YKj|!&]JD:`Yi.┉fne%s_&%J4pDzXȓI|`u1vp\|IP'|O߳"xi[.J<8=K̫״d=I͜z͋FP ђ,#;Ћ$UdZ!,rT7<4 5n;*!k(NdãEz@9Ъ es^/7>kE_A--дjgϡ1X,xė1Jz4$tw[́ b* 'y{Ddb< {4+uS\0k[m|~}#o?&n'(,@^t+\/НޤSTC䉯" 7 ~i &xQ#@LE=@`W}'pb!rc[ati ^UQvЯF~_(%+eq9IuYW X3Cv?R r{Sʫ{#k~/n#j\js3cbJbFyA y!Fv{Kb+.FK7{$qp+jj5A^ ÿMZckjrD,?t$E/]^|%2~8. dAnZVFpxAҲ0jbS,Y𚻐Kc.ZE%|ZiE]J1xy[O֘1zh*B UٜA5h]SRU BI?Zj>k`csܴ5̈ Zkaf׵Zk]s3i<1E7Zz9Z<hfU'j"[vn0u̢쒏ܸ5&HP*$Zz1}W0-^awvᮦ?3\>Sx6!Acza$+^Rc"Wc,~:;aҢSF;6vwڦRs>н3B;sxE=/VWkbt,9+m xfV-j%!V㬤{0 ":;M vfHtGw,@87xL#V¯;{9\{6ފj0>*1fD+9mFAOcBă@>+pS CR,6$AeЃ5T?0PԽG )(ȚXt J mm,%.v阎 ߄^P>g` :{ᛂrPZ->F/|T3/b=#-Ѩ#C a<$wzS4mԓFGč)׀gxBW7 elNh$~b "uFf."T( Ja\ѾiF~hvew= dP_[EaZ̉$3u{ rc'vQ]Q s<a)]աu/ OC-l  \Zs4e![޾ԔWERw.3OaH9p=S["kR1@Q>~1&v+!"'Jňc2)mDRPiat :70a9=g3bwڜՙ$ȧn犉1J \-B@ebqyy<}B%,%m)T&}fAm?pk2%Tmn$q: s;%̔,,2E<ezX<> 4鐚ydj,ywF7`C'[E9Y|ob{LgA~f\b@Ԑ0(V$Ѕ:y,@#!9ωk-ka]?X/#}|AaP8Z  +z+U'I]U@)9CȮ KƪZJdMP4coSwe2Vq6Lz%ruW0`A='i92bg4t\K ,C? &O=lFLr5WWi4uMz{'ם~{I<3m-r5:es5N-fbv>L5m+L(P^6/NSʩ`Sg̵,% y*wDE Gcqq^ qȓ(7PJTَ51o&~ecj]{=-Zq-ƫx]bȉkfhw>c͂6~V CpXmn𤕄!>E'}ҽlIJ/6ρ33_2ʯz}I8QޅnF9rz}y hjg@Si}>2?/?gVie~ ?ӹ(;5~ey|sȂȠ">_^dE^f(?@?2/"2c|/A~.32c7.n~f+ 2޿>_?/1>Arߧ}}ʠ dd  M%:Iʘ!g+\8=Rgr ~)A_d_y*%iFy 3YY ~veX^eй\52Я!ew2~2A\t[u CFWT=k /dmOu^k8VҮnq_l Σ_xi +I%i=$xEGW4<< X1rnm/ydֺWWV5VlNA6K֐'E>YlفGhO D, e%Hi_1\==r|F,+Ogu>O>^wҾl3 쓭?u}MoMg:Sw}Y&@Y8'}Q?kj LZ[WCtJ ۘs;u`- l>EM++J9wwr.CY〈bxUUEVro VVjb`" *s>P`26UJ` z!J1 =4c֭dK_c(wL"׏ ѱ;f]A˘z͛YȌNMu//ጽNۯX ā` pTB Pcoq =u] YI4s/7:tp) ?`-kD2yhp䣿 t.89ti;Ìs,iށz~4@;4Xr(9Pųl1@Щ>7rϒY3 hJ/.ӡx? CKQ,Vkk 5t0=_2nu–'*F'B;NkUErlyؼ!c0BkNX?/ Cܢ|'/UgF"0~.$c2 BrWԃ`w.̸_bv/]c .-,)m&Ĵ/޺FsFYwrlGUZQ8A{1ldf~9yj\طÏ }Cqzvtsʱ En\nܙ5LICœj@@rvokY> N:Dx^S\ F>ಓH_`H4-3 S&bb P|_|n9vDw=YDa0'&0)`tm C>XZɿ܅eNUhJl;:ߞlQ޺%76x}҄ O1Su ѫv.9|x@NlMqmj_W$z l|$_Oxƪ~Saxr=&=珀x M-IS`c^gˍt_d%\!dW<lԷ3@FWD0;"i}.KE%&(Xp\'AΙii;.<\r,#<[_ڵlAt ] D hC'+_2uEnBcV|JrX}P/) ]'[Sܟ=B;a҃f +Kei$Vi)npS`hwq#b }u+e!.1:.XݫlׁR#nȅ+`jk7E]EtA<;=3&qg®"vyX\@cbS,$Il}MX<ٰ^|&G[0tczozZ[8KY'}d. " $8jVI{{a0&iE-㨤t`C v_ <8 ci,;fcXJ YF!&ۅ7O80Ux|-h\};xrmx0#ŸErY)ZN~Lʙku-^cdX$֬LE")ԛa:(z0 s͹!׆! a+c~,Km)Ì~YW`0-ZkAkLeU|tCGYEL`&;]+NJ9=O9N*HX6c?tf ŷ@˽]^g*a?<#/ah(`yja&"e})IDy)/ρ/Q>q*g\