Once again, the topic of privacy and security of electronic data has captured headlines with news that 21.5 million Americans have had their private information stolen in an attack on the government’s Office of Personnel Management.

More recently, pharmacy chain CVS has taken its online photo center offline after discovering that customers’ personal credit card data may have been compromised. This news comes days after Walmart also reported a possible breach of customer card data on its online photo processing site.

What types of information are typically compromised and what industries are most at risk? NetDiligence surveys insurance companies annually about data breach claims. Its fourth annual Cyber Claims Study summarized results for a sampling of 117 data breach insurance claims.

Some of the key findings:

  • Personally identifying information as the leading type of data exposed, followed by private health information.
  • The healthcare and financial services sectors were the most frequently breached.
  • Insider involvement was present in 32% of the claims. This includes both staff mistakes and accidental disclosures as well as rogue employees.
  • The average claim payout was $733,109 (down 23% compared to the prior year’s study).
  • The average number of records exposed was 2,411,730.
  • The average cost per record was $956.21.
  • While only 12% of the claims submitted included legal damages, the average defense cost was $698,797.

Exposure to losses from data breaches will continue to be a growing risk to businesses large and small. CFO.com reported in April 2015 that Lloyds of London continues to see healthy growth in the cyber insurance market, reporting a 50% increase in submissions in the cyber market for the first three months of 2015 compared to the same period in 2014. Approximately 70% of the purchasers of cyber insurance were first time customers.

In addition to having the proper insurance, having an appropriate cyber risk management plan in place before an incident occurs can substantially reduce the costs of a breach to both a business’s reputation and the bottom line. The Ponemon Institute’s 2014 Cost of Data Breach analysis concluded that having a strong security program and incident response plan can significantly reduce the cost of a data breach when it occurs.

John D. “Jack” Hoblitzell
Member, Kay Casto & Chaney PLLC
304.345.8900, ext. 103
jdhoblitzell@kaycasto.com 

www.kaycasto.com

Law. Business. Life.

###