Filed Under:, Enterprise Risk Management

Markel: Data Breaches Not Just Aimed at Large Companies Anymore

NU Online News Service, Oct. 12, 12:02 p.m. EDT

SAN DIEGO—Hackers, known for going after large organizations to steal data, now have an eye toward easy pickings in smaller companies, according to Markel’s IT and data-privacy underwriting expert.

Jake Kouns, Markel’s senior director of technology, left his job in IT to join Markel six years ago and is determined to rid businesses of the “it-can’t-happen-to-me” attitude toward insurance for data breaches.

“The risk is real, and it doesn’t matter what the size of your organization is,” he says from the National Association of Professional Surplus Lines Offices (NAPSLO) convention here.

Although the thefts of records at large corporations such as Sony have garnered headlines, hackers are finding easy pickings, going after small-to-midsize businesses, which Kouns says he wants to educate and insure.

“They [hackers] are finding it easier to steal in small increments,” he explains. “Think about it—people start really looking for you when you take millions of records.”

Kouns points out that news accounts of Sony’s data breach appear to imply there was one breach, but the corporation was actually hacked 21 times.

The tragedy, he says, is that small-to-midsize businesses cannot typically recover from a data breach. Regulations and laws regarding a business’ obligations after a breach are different in each state. There are additional federal regulations for the healthcare industry. Add attorneys’ fees and recovery costs, and the amount can be prohibitive.

On the side Kouns is one of the curators of, a research project aimed at documenting known and reported data-loss incidents worldwide.

Kouns’ perspective as an IT security professional appears to drive his desire to create “real insurance” for data-breach risk.

And he has a somewhat different, untraditional take on the insurance that is currently provided—which isn’t worth much, he contends.

“It’s the new, sexy insurance. There are 30 carriers now writing it,” Kouns says. Some carriers are providing what he terms “chop-shop” insurance—multiple exclusions included—and he doubts there is actually much coverage to these policies.

The result is a developing market that can be a “saving grace or a moral hazard,” he observes.

“Right now you can get a policy with a $1 million limit for $1,500 in premium,” Kouns says. “That is worrisome. It’s too cheap. Companies will buy the coverage and think they don’t need to do anything to secure their systems.”

Kouns says work needs to be done with companies before Markel will underwrite the risk. The company also provides consulting and risk-management services.

“We want to improve security across the board because many of these businesses do not have a clue about this risk or what to do about it,” Kouns says.

Other companies are identifying this growing specialty-insurance market trend.  Hartford has expanded its cyber-risk coverage to include data-breach coverage designed for small businesses.

Featured Video

Most Recent Videos

Video Library ››

Top Story

5 things to know about the NAIC's new cybersecurity model law

The NAIC's newly-adopted Insurance Data Security Model Law provides guidance for carriers, agents, brokers and their business partners.

Top Story

5 insurance advisor marketing mistakes to avoid

The right marketing tactics can help insurance agents and brokers reach their goals.

More Resources


eNewsletter Sign Up

PropertyCasualty360 Daily eNews

Get P&C insurance news to stay ahead of the competition in one concise format - FREE. Sign Up Now!

Mobile Phone

Advertisement. Closing in 15 seconds.