Performance Thinking

Expert information and solutions for your business.

Spring 2013

Privacy Liability, Network Security Liability, Cyber Liability…

Exposures grow with the impact of a multitude of state and federal laws governing the protection of consumers’ private data.

Privacy liability and network security liability are hot topics in the media these days with articles appearing not just in insurance and technology trade journals, but in the Wall Street Journal, USA Today, Businessweek and other national and international publications. Once perceived as a risk only to larger companies, technology providers, healthcare organizations, financial institutions, or governments, more small to mid-sized private companies are trying to address, or at least discuss, the exposures resulting from a multitude of state and federal laws governing the protection of consumers’ private data.

These laws establish an organization’s responsibilities following a breach or possible breach of customer data. This may include notifying customers by certified mail of the possibility that their personal information has been compromised and providing credit monitoring to those customers for a period of time after the breach is discovered. Failure to comply with those state laws or failure to report a breach may result in regulatory investigations or actions, private litigation brought by the customers themselves, and follow up shareholder suits.

The Impact of a Breach

In addition to companies grasping the potential implications of the passage of these laws, many companies are discussing how to address privacy liability and network security issues because they have already experienced a breach. According to DataLoss DB, there were 1,606 breaches of personally identifiable information reported by companies in 2012, up from 1,090 in 2011 and 828 in 2010. According to a recent Symantec report, 31% of all cyber attacks in 2012 targeted companies with fewer than 250 employees.