Markel: Data Breaches Not Just Aimed at Large Companies Anymore

NU Online News Service, Oct. 12, 12:02 p.m. EDT

SAN DIEGO—Hackers, known for going after large organizations to steal data, now have an eye toward easy pickings in smaller companies, according to Markel’s IT and data-privacy underwriting expert.

Jake Kouns, Markel’s senior director of technology, left his job in IT to join Markel six years ago and is determined to rid businesses of the “it-can’t-happen-to-me” attitude toward insurance for data breaches.

“The risk is real, and it doesn’t matter what the size of your organization is,” he says from the National Association of Professional Surplus Lines Offices (NAPSLO) convention here.

Although the thefts of records at large corporations such as Sony have garnered headlines, hackers are finding easy pickings, going after small-to-midsize businesses, which Kouns says he wants to educate and insure.

“They [hackers] are finding it easier to steal in small increments,” he explains. “Think about it—people start really looking for you when you take millions of records.”

Kouns points out that news accounts of Sony’s data breach appear to imply there was one breach, but the corporation was actually hacked 21 times.

The tragedy, he says, is that small-to-midsize businesses cannot typically recover from a data breach. Regulations and laws regarding a business’ obligations after a breach are different in each state. There are additional federal regulations for the healthcare industry. Add attorneys’ fees and recovery costs, and the amount can be prohibitive.

On the side Kouns is one of the curators of, a research project aimed at documenting known and reported data-loss incidents worldwide.

Kouns’ perspective as an IT security professional appears to drive his desire to create “real insurance” for data-breach risk.

And he has a somewhat different, untraditional take on the insurance that is currently provided—which isn’t worth much, he contends.

“It’s the new, sexy insurance. There are 30 carriers now writing it,” Kouns says. Some carriers are providing what he terms “chop-shop” insurance—multiple exclusions included—and he doubts there is actually much coverage to these policies.

The result is a developing market that can be a “saving grace or a moral hazard,” he observes.

“Right now you can get a policy with a $1 million limit for $1,500 in premium,” Kouns says. “That is worrisome. It’s too cheap. Companies will buy the coverage and think they don’t need to do anything to secure their systems.”

Kouns says work needs to be done with companies before Markel will underwrite the risk. The company also provides consulting and risk-management services.

“We want to improve security across the board because many of these businesses do not have a clue about this risk or what to do about it,” Kouns says.

Other companies are identifying this growing specialty-insurance market trend.  Hartford has expanded its cyber-risk coverage to include data-breach coverage designed for small businesses.


Resource Center

View All »

Increase Sales Conversion with this Complimentary White Paper

This whitepaper will share proven techniques - used by many of the industry's top producers...

D&O Policy Definitions: Don't Overlook These Critical Terms

Unlike other forms of insurance where standard policy language prevails, with D&O policies, even seemingly...

Environmental Risk: Lessons Learned from Willy Wonka and the Chocolate...

Whether it’s a chocolate factory or an industrial wastewater treatment facility, cleanup and impacts to...

More Data, Earlier: The Value of Incorporating Data and Analytics...

Incorporating more data earlier in claims lifecycles can help you reduce severity payments by 25%*...

How Many Of Your Clients Are At Risk Of Flood?

Every home is vulnerable to flooding. Learn four compelling reasons why discussing flood insurance with...

Gauging your Business Intelligence Analytics Capabilities and the Impact of...

Big Data, Data Lakes and Data Swamps, How to gauge your company's Big Data readiness....

Extending Contact Center Capabilities Across the Insurance Enterprise

Today advancements in technology are making a big impact on business and society. To yield...

Drug and Alcohol Testing Requirements

In this two-part series, NBIS Risk Management team will break down the requirements to assist...

Why Cyber Liability is Essential for Human Service Organizations

For traditional low-tech operations, information is often compromised in ways that don't involve technology. Access...

A Solution for Large Commercial Habitational Accounts

6 Reasons to place your LARGE Habitational Accounts with Dauntless.

Risk Management Report eNewsletter

Identify problems involving emerging risks, reinsurance, and business interruption with help from Risk Management Report - FREE. Sign Up Now!

Advertisement. Closing in 15 seconds.