Filed Under:Risk, Enterprise Risk Management

Markel: Data Breaches Not Just Aimed at Large Companies Anymore

NU Online News Service, Oct. 12, 12:02 p.m. EDT

SAN DIEGO—Hackers, known for going after large organizations to steal data, now have an eye toward easy pickings in smaller companies, according to Markel’s IT and data-privacy underwriting expert.

Jake Kouns, Markel’s senior director of technology, left his job in IT to join Markel six years ago and is determined to rid businesses of the “it-can’t-happen-to-me” attitude toward insurance for data breaches.

“The risk is real, and it doesn’t matter what the size of your organization is,” he says from the National Association of Professional Surplus Lines Offices (NAPSLO) convention here.

Although the thefts of records at large corporations such as Sony have garnered headlines, hackers are finding easy pickings, going after small-to-midsize businesses, which Kouns says he wants to educate and insure.

“They [hackers] are finding it easier to steal in small increments,” he explains. “Think about it—people start really looking for you when you take millions of records.”

Kouns points out that news accounts of Sony’s data breach appear to imply there was one breach, but the corporation was actually hacked 21 times.

The tragedy, he says, is that small-to-midsize businesses cannot typically recover from a data breach. Regulations and laws regarding a business’ obligations after a breach are different in each state. There are additional federal regulations for the healthcare industry. Add attorneys’ fees and recovery costs, and the amount can be prohibitive.

On the side Kouns is one of the curators of, a research project aimed at documenting known and reported data-loss incidents worldwide.

Kouns’ perspective as an IT security professional appears to drive his desire to create “real insurance” for data-breach risk.

And he has a somewhat different, untraditional take on the insurance that is currently provided—which isn’t worth much, he contends.

“It’s the new, sexy insurance. There are 30 carriers now writing it,” Kouns says. Some carriers are providing what he terms “chop-shop” insurance—multiple exclusions included—and he doubts there is actually much coverage to these policies.

The result is a developing market that can be a “saving grace or a moral hazard,” he observes.

“Right now you can get a policy with a $1 million limit for $1,500 in premium,” Kouns says. “That is worrisome. It’s too cheap. Companies will buy the coverage and think they don’t need to do anything to secure their systems.”

Kouns says work needs to be done with companies before Markel will underwrite the risk. The company also provides consulting and risk-management services.

“We want to improve security across the board because many of these businesses do not have a clue about this risk or what to do about it,” Kouns says.

Other companies are identifying this growing specialty-insurance market trend.  Hartford has expanded its cyber-risk coverage to include data-breach coverage designed for small businesses.

Featured Video

Most Recent Videos

Video Library ››

Top Story

6 tips to avoid accidents on Black Friday — and Black Sunday

Just because the turkey's been eaten doesn't mean the rest of the weekend is without risk.

Top Story

20 most popular vehicles of 2015, ranked from worst to best for insurance cost

Agents can help their customers figure out if they are getting their money's worth.

More Resources


eNewsletter Sign Up

Risk Management Report eNewsletter

Identify problems involving emerging risks, reinsurance, and business interruption with help from Risk Management Report - FREE. Sign Up Now!

Mobile Phone

Advertisement. Closing in 15 seconds.