NU Online News Service, Oct. 12, 12:02 p.m.EDT
|SAN DIEGO—Hackers, known for going after largeorganizations to steal data, now have an eye toward easy pickingsin smaller companies, according to Markel's IT and data-privacyunderwriting expert.
|Jake Kouns, Markel's senior director of technology, left his jobin IT to join Markel six years ago and is determined to ridbusinesses of the "it-can't-happen-to-me" attitude toward insurancefor data breaches.
|"The risk is real, and it doesn't matter what the size of yourorganization is," he says from the National Association ofProfessional Surplus Lines Offices (NAPSLO) convention here.
|Although the thefts of records at large corporations such asSony have garnered headlines, hackers are finding easy pickings,going after small-to-midsize businesses, which Kouns says he wantsto educate and insure.
|"They [hackers] are finding it easier to steal in smallincrements," he explains. "Think about it—people start reallylooking for you when you take millions of records."
|Kouns points out that news accounts of Sony's data breach appearto imply there was one breach, but the corporation was actuallyhacked 21 times.
|The tragedy, he says, is that small-to-midsize businesses cannottypically recover from a data breach. Regulations and lawsregarding a business' obligations after a breach are different ineach state. There are additional federal regulations for thehealthcare industry. Add attorneys' fees and recovery costs, andthe amount can be prohibitive.
|On the side Kouns is one of the curators of DataLossDB.org, a research projectaimed at documenting known and reported data-loss incidentsworldwide.
|Kouns' perspective as an IT security professional appears todrive his desire to create "real insurance" for data-breachrisk.
|And he has a somewhat different, untraditional take on theinsurance that is currently provided—which isn't worth much, hecontends.
|"It's the new, sexy insurance. There are 30 carriers now writingit," Kouns says. Some carriers are providing what he terms"chop-shop" insurance—multiple exclusions included—and he doubtsthere is actually much coverage to these policies.
|The result is a developing market that can be a "saving grace ora moral hazard," he observes.
|"Right now you can get a policy with a $1 million limit for$1,500 in premium," Kouns says. "That is worrisome. It's too cheap.Companies will buy the coverage and think they don't need to doanything to secure their systems."
|Kouns says work needs to be done with companies before Markelwill underwrite the risk. The company also provides consulting andrisk-management services.
|"We want to improve security across the board because many ofthese businesses do not have a clue about this risk or what to doabout it," Kouns says.
|Other companies are identifying this growing specialty-insurancemarket trend. Hartford has expanded its cyber-risk coverage to includedata-breach coverage designed for small businesses.
Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- All PropertyCasualty360.com news coverage, best practices, and in-depth analysis.
- Educational webcasts, resources from industry leaders, and informative newsletters.
- Other award-winning websites including BenefitsPRO.com and ThinkAdvisor.com.
Already have an account? Sign In
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.