NU Online News Service, Oct. 12, 12:02 p.m.EDT

SAN DIEGO—Hackers, known for going after largeorganizations to steal data, now have an eye toward easy pickingsin smaller companies, according to Markel's IT and data-privacyunderwriting expert.

Jake Kouns, Markel's senior director of technology, left his jobin IT to join Markel six years ago and is determined to ridbusinesses of the "it-can't-happen-to-me" attitude toward insurancefor data breaches.

"The risk is real, and it doesn't matter what the size of yourorganization is," he says from the National Association ofProfessional Surplus Lines Offices (NAPSLO) convention here.

Although the thefts of records at large corporations such asSony have garnered headlines, hackers are finding easy pickings,going after small-to-midsize businesses, which Kouns says he wantsto educate and insure.

"They [hackers] are finding it easier to steal in smallincrements," he explains. "Think about it—people start reallylooking for you when you take millions of records."

Kouns points out that news accounts of Sony's data breach appearto imply there was one breach, but the corporation was actuallyhacked 21 times.

The tragedy, he says, is that small-to-midsize businesses cannottypically recover from a data breach. Regulations and lawsregarding a business' obligations after a breach are different ineach state. There are additional federal regulations for thehealthcare industry. Add attorneys' fees and recovery costs, andthe amount can be prohibitive.

On the side Kouns is one of the curators of DataLossDB.org, a research projectaimed at documenting known and reported data-loss incidentsworldwide.

Kouns' perspective as an IT security professional appears todrive his desire to create "real insurance" for data-breachrisk.

And he has a somewhat different, untraditional take on theinsurance that is currently provided—which isn't worth much, hecontends.

"It's the new, sexy insurance. There are 30 carriers now writingit," Kouns says. Some carriers are providing what he terms"chop-shop" insurance—multiple exclusions included—and he doubtsthere is actually much coverage to these policies.

The result is a developing market that can be a "saving grace ora moral hazard," he observes.

"Right now you can get a policy with a $1 million limit for$1,500 in premium," Kouns says. "That is worrisome. It's too cheap.Companies will buy the coverage and think they don't need to doanything to secure their systems."

Kouns says work needs to be done with companies before Markelwill underwrite the risk. The company also provides consulting andrisk-management services.

"We want to improve security across the board because many ofthese businesses do not have a clue about this risk or what to doabout it," Kouns says.

Other companies are identifying this growing specialty-insurancemarket trend.  Hartford has expanded its cyber-risk coverage to includedata-breach coverage designed for small businesses.