Overview
What would a managed services provider (MSP) do if it was responsible for a data breach that cost its client millions of dollars? The risk is greater now than ever before. Since February 2005, the identities of approximately 93 million people have been exposed because of data leaks. Ponemon Institute conducted a recent survey of almost 500 corporate information technology departments regarding security and data losses. Ponemon reported that 81 percent of respondents have experienced a data loss recently.
These losses of information can be very costly to you and to your clients. According to a report published by Symantec, the average laptop contains data worth approximately $972,000. The Federal Bureau of Investigation Computer Crime Survey estimated that the average annual cost of computer security incidents is $67.2 billion.
A study of the actual costs incurred by companies that lost confidential customer information indicates that the average direct, indirect, and opportunity costs to companies who experienced a notice-triggering data breach was $14 million per company. Companies also saw an average cost of $140 for every customer with breached data. The average number of customers affected by breaches of confidential information was 100,000.
The costs are not only monetary, but can also include loss to business reputation and customer good will. A recent survey indicated that when companies send notice to their customers that their data has been compromised, 19 percent terminate the relationship, 40 percent consider terminating the relationship, and 27 percent are concerned about the relationship. Fifty percent of the costs associated with recovery costs after a data breach are attributable to loss of existing customers. Because data losses due to security breaches are so expensive and destructive to a business’ reputation, managed service providers must take precautions to protect themselves and their customers in the event of a breach.
Available Insurance Policies
One way for an MSP to ensure that its clients are protected is to secure appropriate insurance to cover the types of common security breaches that may occur. Several insurance providers are offering businesses new types of coverage specifically designed to assist with the risks associated with technology, including costs associated with data breaches. The types of coverage are generally not found in a traditional commercial liability or umbrella policy and can be tailored to fit the needs of the MSP. The policies include: Technology Errors & Omissions Insurance, Telecommunications Liability Insurance, Internet Professional Liability Insurance, Media Liability Insurance, Security & Privacy Insurance, Information Asset Coverage, Business Interruption Coverage, Crisis Management Coverage, and Specialty Professional Liability Insurance.
Coverage now exists to defray the costs associated with investigating a security breach to determine whether state laws require notification of the breach. Additionally, the insurance coverage will provide assistance to pay for the costs associated with breach notification requirements.