By Robert D. Chesler, Marc D. Schein

Data breaches seem to have become a routine risk for most companies, but finding the correct insurance coverage is anything but routine.

The Ponemon 2016 Cost of Breach Study underscores the need for companies to take all necessary measures to combat the scourge of data breaches.

These include the establishment of a chief information security officer, appropriate data loss prevention controls, encryption where necessary and a robust cyber insurance program. The study found that “Incident response plans and teams in place, extensive use of encryption, employee training, Business Continuity Management involvement or extensive use of Data Loss Prevention reduced the cost of data breach.”

The study confirms the resiliency of the hacking plague, and offers no hope that it will cease, or even diminish, in the foreseeable future. In the 11 years that Ponemon has conducted its study, the cost of a data breach has not fluctuated significantly. In 2016, the overall cost of a data breach was about $7 million, and the cost of each single lost record was $221, which are both slight increases from the previous year. The Ponemon Study only included “average” breaches; breaches in excess of 100,000 records were not used in the study. (The average number of breached records in incidents used in the Ponemon Study was 29,611.)

About two-thirds of the cost of a breach represented indirect costs, such as diversion of manpower to deal with the breach and loss of customers. Health care had an average cost per compromised record of $402, while the cost in the hospitality industry was $148. Moreover, unlike in earlier years, data breaches are not limited by a company’s size or industry. For example, restaurants and supermarkets have been significant victims of recent breaches. 

The threat of data breach and other computer crimes is constantly evolving. “Phishing,” by which an outsider passes itself off as a customer or financial institution and causes the transfer of funds to a false account, is rife. Ransomware and cyber extortion, in which the attacker freezes a company’s data until it’s paid off, have become major threats. No one knows what tomorrow may bring. 

Impact of the Internet of Things

This may be the year in which the Internet of Things will create major vulnerabilities in our networks. These connected devices are created to share information that’s not necessarily secure, and they’re not designed to protect the data they collect. Gartner Research expects there to be more than 20 billion such devices by 2020.

The conclusion of 2016 saw two developments that underscored the growing importance of the Internet of Things. One of the employees at a Vermont utility checked his Yahoo account on his work laptop, which was connected to the utility’s network, raising a red flag that suggested the computer was connected to an IP address associated with the hack on the Democratic Party. The good news is thus far there’s no sign that the hackers were able to access the nation’s power grid. Nonetheless, top political figures as well as businesses fear in 2017 that malware will be used to affect critical infrastructure, such as the power grid, water supply, energy, nuclear reactors and the communication sector.

The U.S. Food and Drug Administration (FDA) issued a formal advisory warning that medical devices such as pacemakers, defibrillators and insulin pumps are easily hackable. Pacemakers first came under scrutiny in August 2016, when a batch ran out of battery three months earlier than expected. “If exploited, the vulnerability could result in permanent impairment, a life-threatening injury, or death,” according to the FDA.


Robert D. Chesler, a shareholder in Anderson Kill’s Newark office, represents policyholders in a broad variety of coverage claims against their insurers and advises companies with respect to their insurance programs. Chesler is also a member of Anderson Kill's Cyber Insurance Recovery group. He can be reached at 973-642-5864.

Marc D. Schein, CIC, CLCS, a risk management consultant for Marsh & McLennan Agency, assists clients by customizing comprehensive commercial insurance programs that minimize or eliminate the burden of financial loss through cost-effective transfer of risk. He can be reached at 516-395-8504.
