The many risks are evident. Private information of all kinds—personal, financial, medical—resides on the computers of nearly every business. Hackers and identity thieves increasingly are compromising system vulnerabilities, seeking to break in and exploit the details.
Hacking has been generating high-profile news lately. Citigroup warned 360,000 credit card customers that some account data was compromised. AT&T apologized to 114,000 new iPad owners, including celebrities, after hackers leaked their email addresses to an online gossip site. Privacy breaches, both accidental and criminal, are increasing steadily, along with their costs.
Common causes of data losses include criminal attacks by hackers, mistakes by employees or third-party outsourcers, and loss or theft of laptops and other mobile devices. Some recent examples from the Identity Theft Resource Center:
- An IT vendor for a health insurer reports stolen computer drives holding data on 1.9 million customers: names, addresses, medical information, Social Security numbers and other financial information
- A medical transcription firm inadvertently opens its server to access from the Internet, making more than 1,000 detailed patient records potentially available to third parties
- A direct marketing vendor sends a mailing that accidentally prints the Social Security numbers of 8,000 people on the outside of the envelope
- A collection firm is hacked, losing 1,800 consumers’ confidential credit reports
- An employee of a call center improperly downloads an electronic database of customer identities, Social Security numbers and payment card details
- An email marketer for dozens of the largest U.S. companies is hit by hackers who gain access to millions of consumers’ names and email addresses.
A loss can be extremely costly to a company. The average cost of 51 data breaches at U.S. businesses studied in 2010 was $7.2 million, or $214 per affected customer, according to the Ponemon Institute, a think tank on security issues.
Data restoration coverage may be required to offset the company’s expenses to restore customer, vendor and employee files, which can be substantial depending on the severity of the data breach.
A final coverage, computer system extortion coverage, may also be useful to protect businesses against hackers holding confidential data for "ransom." Often compared to kidnap and ransom coverage, this coverage provides funds that can be used by a company to investigate extortion threats and/or pay extortion losses, when a hacker gains access to company systems and demands payment to not disseminate the confidential information.