Home Facebook Twitter LinkedIn GooglePlus
Term Life Whole Life Variable Life

Data Breaches - Everyone is Vulnerable, but Protection Is Available

Technology allows us to connect in previously unimaginable ways, where we can schedule doctor appointments, order food, shop, pay bills, transfer money and more with the touch of a finger. Our digital fingerprints are everywhere, and businesses collecting all this personal information need to be aware of the risks they face in doing so.

Businesses are retaining and using an exponentially increasing amount of interconnected data, and they have a public responsibility and legal obligation to keep it secure. Opportunistic and innovative cyber criminals have more access than ever before and legislation, individuals and businesses seem one step behind when it comes to protecting their data.

What data is at risk?

PII - Personally Identifiable Information, e.g., social security and driver’s license numbers, bank account information, online account user names and passwords, medical and health insurance information.

PHI - Protected Health Information, which is information relating to the provision and payment of health care that can be used to identify an individual.

PCI – Payment Card Information, including debit and credit cards.

Key Facts

Malicious actors continually seek new security vulnerabilities to exploit and access valuable and sensitive information.  Hacking has become the most prevalent cause of data loss, and the number of hacking incidents is rapidly increasing.  Many companies believe privacy and data breaches won’t happen to them, but three key facts stand:

Fact 1: Breaches are bigger and more costly than ever before

According to an independent study conducted by Ponemon Institute, LLC for IBM in May 2015:

·         Average post data breach costs in 2014 were $1.6M; $1.64M in 2015

·         Average lost business costs in 2014 were $3.32M; $3.72M in 2015

·         Average records lost per breach in 2014 were 23,647; 28,070 in 2015

·         Average cost per record breached in 2014 was $201; $217 in 2015

·         Average cost paid for all breaches in 2014 was $5.9M; $6.5M in 2015

Fact 2: Every industry and size of business is at risk

Several business have emerged as notable targets, making up nearly half (49%) of all breaches in 2014.  Costs per record breached are higher is certain industries than others.


2014 %

Cost Per Record

Business & Professional Services






Financial Services



Media & Entertainment



  Fact 3: All organizations are susceptible to internal and external threats such as:

  • State-sponsored - A group employed by the government of a nation state.
  • Script Kiddies - A usually inexperienced person or group acting on their own, and not a member of any other threat category.
  • Hacktivist - An individual or group who performs attacks to draw attention to or hinder support of a cause such as free speech.
  • Organized Crime - Groups of criminals engaging in illegal activity to extort money or hired to carry out an attack.
  • Insiders - Employees or other privileged users associated with an organization.
  • Cyber terrorist - One who carries out attacks of the purpose of causing fear or panic.  Individual is motivated by ideological or political goals or is associated with a known terrorist group. 

The costs of resolving a data breach are daunting, no matter what size the business. Sources of costs include: detection, escalation, notification, remediation and lost business in both income and reputation.

60% of small to medium sized businesses close six months after suffering a breach. Unfortunately, most small organizations lack the resources to rebound from the costs of managing a data breach.  Businesses with 10,000 records or less have a 22% chance of a data breach occurring according to a 2014 study.  These statistics have skyrocketed since that study was conducted.

Forty-seven states, including Puerto Rico, Washington, D.C. and the Virgin Islands require notice to customers after unauthorized access to PII/PHI, and each state may define PII a bit differently. Notice is typically due ‘without unreasonable delay’ and businesses are subject to high fines for non-compliance or delay. Some states also require notification to the state attorney general and/or state consumer protection agencies.

Protect Your Business

There is no ‘one size fits all’ approach to adequately insure privacy exposures. Companies must each assess their own exposures and purchase coverage that specifically caters to the risks inherent to their specific business.  Contact ISA today for a no obligation Cyber Liability quote.  We can tailor a policy that best fits your needs.  Our policies offer both first and third party coverages with the following coverage options:

Privacy Protection

Breach Costs

Cyber Business Interruption

Hacker Damage




Don’t let a data breach cripple your business.  Get a quote today.  It’s less expensive than you may think.


Note: Given the breadth of topic and its consistent evolution, this publication focuses on the exposures for which the insurance industry has to date developed generally accepted solutions.

Data compiled from:

2015 Cost of Data Breach Study: United States - Benchmark research sponsored by IBM.  Independently conducted by Ponemon Institute LLC, May 2015
Hiscox PRO Privacy 101 Agent’s Brochure

Business is Less Risky With Cyber Insurance, Posted by Sean Morriss on October 24th, 2013 in Business Insurance, Cyber Insurance, Management & Liability, Professional Indemnity


Beki English - Insurance Service of Asheville - benglish@isa-avl.com
Posted 4:14 PM

Share |

No Comments

Post a Comment
Required (Not Displayed)

All comments are moderated and stripped of HTML.
Submission Validation
Change the CAPTCHA codeSpeak the CAPTCHA code
Enter the Validation Code from above.
NOTICE: This blog and website are made available by the publisher for educational and informational purposes only. It is not be used as a substitute for competent insurance, legal, or tax advice from a licensed professional in your state. By using this blog site you understand that there is no broker client relationship between you and the blog and website publisher.
Blog Archive
  • 2018
  • 2017
  • 2016

View Mobile Version

  • Carrier
  • Carrier
  • Carrier
  • Carrier
  • Carrier
  • Carrier
  • Carrier
  • Carrier
  • Carrier
  • Carrier

Powered by Insurance Website Builder

Email Us Call Us Locations