Search      Advanced Search | Browse By Topic
Magazine Content
Home
Features
Columnists
Industry Risk Reports
In-Depth Series
Special Reports
Point/Counterpoint
R&I One® Content
News & Analysis
Editor's Choice Stories
Resources and Tools
Power Broker® Directory
Risk InnovatorTM
Emerging Risks
Top Employee Benefits Consultant
Executives To Watch
Insights
Industry Events
WorkersComp Forum
Award Nominations
Webinars
RSS
R&I Information
Subscription Center
Advertiser Information
About Us
Contact Us
 

Newsletter Sign-up

Click on the name of the free newsletter below to preview:

R&I One®
WORKERSCOMP Forum TM Update
HTML Text
E-Mail Address:


Click here to unsubscribe
Privacy Policy
Preferences
 

Cybercoverages Coming Into Their Own

Data breach and privacy coverages seem more important than ever post Epsilon and Sony. Some industries need the coverage more than others, and some insurance companies are better at underwriting it than others.

Print Email Add to Facebook Add to Twitter Add to LinkedIn Write to the Editor Reprints

By MATTHEW BRODSKY, senior editor/Web editor of Risk & Insurance®

VANCOUVER---Jim Whetstone's phone is ringing off the hook. Risk managers are calling the senior vice president for U.S. technology and privacy manager at Hiscox Specialty after reading the news about Epsilon's and Sony's recent massive data breaches. All types of organizations are learning that they are on the hook for breach notifications in 46 states, and healthcare organizations are feeling the heat from the federal HITECH law.

The realization is sinking in: Hey, this cyberstuff is pretty serious.

"I honestly cannot think of one entity that doesn't have the exposure," the Chicago-based Whetstone said about data privacy, talking with Risk & Insurance® at the annual meeting of the Risk and Insurance Management Society Inc. (RIMS) in Vancouver.

In particular, he said, any company that handles credit cards and healthcare organizations appreciate their cyberrisk.

The healthcare industry is looking at a federal Office for Civil Rights (OCR) that aims to investigate each and every breach from the past one and a half years, Whetstone said. The fines that could be levied for such breaches are higher now thanks to a 2009 change to the Health Insurance Portability and Accountability Act (HIPAA), which could explain the newfound vigor at the OCR. What's more, state attorneys general now have authority to investigate HIPAA-related privacy issues too.

"The regulators are really turning up the heat," Whetstone said.

Plaintiff's attorneys are also working hard to find ways to get negligence cases into the courts.

While all this is taking place, new insurance carriers are entering the cyberrisk, data breach and privacy space. In total, as many as 28 markets are selling insurance products to transfer these risks. Good timing, right?

Not if these carriers are bringing the dreaded "naïve capacity."

Whetstone estimates that fewer than 10 of these 28 insurers know what they're doing in the space, these mostly being the carriers who have been selling these types of coverages for some time, know how to underwrite them, and provide specialized loss control and claims services.

May 4, 2011

Copyright 2011© LRP Publications
 
 
 
 
 
 
 
 
 
 
 
RISK logo
 

Back to top

Entire contents copyright © 2013 Risk and Insurance® All rights reserved. May not be reproduced in any form without written permission.