Tag Archives: data breach incident

Cyber Insurance: Make Sure You Understand Your Coverage

Today, businesses are increasingly purchasing cyber-specific insurance in an effort to mitigate the financial impact of a breach or other cybercrime. In terms of what might be covered in a cyber insurance policy, there are basically two types of coverage – “first-party” coverage and “third-party” coverage. First-party coverage covers the types of losses that your company might suffer directly in the event of a data incident. That may include losses, some of which may be covered and some not, such as data destruction, denial of service attacks, incident response, crisis management, public relations, forensic investigation, remediation, breach notifications, …

Hackers Aim Sights on Small Biz

We’ve become accustomed to data breaches. For consumers, data breaches are irritating, can be inconvenient, and sometimes create identity theft issues for those affected. Consumers expect “the big boys” to have data security and privacy under control. They take offense when their personal data is compromised, and they assume that a data breach occurred because of a lack of rigor in process, or lack of investment in technologies and methodologies designed to protect their information. Many companies have managed the risk associated with data breach by making sure their insurance limits are adequate to cover the eventuality. That’s a prudent …

Is a Uniform Federal Data Breach Law Really Necessary?

In June 2015, the United States Office of Personnel Management announced a massive data breach. Estimates are that the breach compromises the personal information of up to 18 million current, former and potential federal employees. This data breach joined the growing list of mega breaches that has many calling for a single, federal, uniform data breach notification law, to replace and preempt the current so-called “patchwork” of state laws that exist in all but a handful of states. On July 7, 2015, the Attorneys General of 47 states and US territories joined together in a letter to congressional leaders opposing …

SCOTUS Decision in Spokeo Could Have Significant Impact on Data Breach Litigation

Following several significant data breaches in 2014 and 2015, including one reported just last week by the IRS, organizations of all types are on high alert to safeguard against data breaches and to prepare incident response plans, recognizing that no one is immune. As organizations prepare for a future business climate in which consumers and government regulators alike expect proactive risk assessment and programs to address identified vulnerabilities, there is little question that such heightened expectations will lead to significant future regulatory action and litigation in the aftermath of data breaches. At a May 11, 2015 event hosted by U.S. …

The Cost of a Data Breach

In 2014, the Ponemon Institute published the 2014 Cost of Data Breach Study that includes interesting cost information related to remediation efforts undertaken by 61 companies that operate in the United States. The study reports that the average remediation cost for each lost or stolen record containing confidential or sensitive information was $201. The average total cost of remediation efforts was $5.85 million per incident. The number of breached records per incident studied ranged from 5,000 to slightly more than 100,000 records. The average number of breached records in the Study was 29,087. The average cost of $201 per record …

Do You Have a Data Breach Response Plan? U.S. Department of Justice Thinks You Should

In the wake of significant retailer data breaches in 2013 and 2014, and additional significant breaches continuing in 2015, a trend is clearly developing — an expectation of proactive risk identification and mitigation from a legal, technical and business process perspective as the “gold standard” in terms of what organizations should be doing to protect sensitive customer, consumer or individual data, particularly with regard to the ever-expanding category of “personally identifiable information.” Massachusetts, Nevada and New Hampshire have passed laws specifically requiring private sector cybersecurity assessment and adherence to security standards by companies holding sensitive consumer data. It’s a matter …
