Loss of personal and private information is the biggest security risk today. Public entities especially have a big exposure and many have credit card and bank account information. They also have medical programs with public health records, tax records, public employee benefit and retirement information, names and addresses of public school children, and court and criminal records, the protection of which is often subject to federal statutes. The cost of notifying potential victims, offering credit or identity monitoring services, consulting with a public relations firm to control reputation damage, as well as defense and settlement expenses, can be exorbitant.
In April 2011 the Texas Comptroller of Public Accounts discovered that unencrypted data from the Teacher Retirement Center of Texas, the Texas Workforce Commission, and the Employees Retirement System of Texas had been posted on a public server for nearly a year. Class action lawsuits have been filed against the state on behalf of approximately 3.5 million current and former state employees.
Employee training is key in these cases. It only takes one employee's mistake and you have a privacy issue on your hands. That's why insurance companies, when they consider insuring governmental or commercial organizations of cyber risks, focus on the proactive risk management techniques and employee training that the entity has in place or needs to establish.
Insurance is a "risk transfer vehicle". It doesn't make the risk go away, it just pays for it if there's a problem.
Ben Goodwyn Agency 972.618.0100 shelly@bengoodwynagency.com
No comments:
Post a Comment