- Health: $402
- Financial: $264
- Transportation: $247
- Education: $220
- Retail: $200
- Media: $177
- Hospitality: $148
Insurance agencies fall within the “Financial” arena. About 5 years ago, these costs were estimated to be around $240. So while the cost per record has stayed relatively the same, the number of incidents has continued to rise. And what is a record? Virtually every customer, potential customer, prospective customer and former customer for which you maintain an electronic or paper record, regardless of the extent of the information you may have.
Over the past several years, the federal government and virtually every state government have established numerous laws and regulations setting reporting requirements for data breach events. These laws and regulations set very detailed rules around what must be reported and what must be done to protect data privacy. While the individual cost per record has stayed relatively constant, the collection of greater and greater information about your customers could lead to an enormous cost to ensure that each person or entity is notified, and that steps have been and are being taken to protect their information.
In March 2017, the state of New York took additional steps to regulate cyber security specifically for financial services companies, increasing the regulatory requirements that insurance agencies will be required to comply with. The NAIC (National Association of Insurance Commissioners) is developing similar model regulations that will apply specifically to insurance agencies and that could ultimately be enacted on a state-by-state basis.
What does this mean to you as both an agent and agency?
- Review your own insurance coverages to ensure that you have appropriate cyber liability and data privacy coverage in place. There are products available through the IIABA to help protect your agency.
- Review not only your commercial customers but also your personal lines customers to ensure that they have appropriate coverages in place to protect them from cyber liability, data privacy and any other type of electronic data exposure. Their exposure is possibly greater than yours. But if they have a cyber, data or electronic loss, and they don’t have proper coverage in place, their loss could become your E&O loss.
- If they don’t have proper coverages in place, and they reject your offer to obtain the coverages, DOCUMENT their rejection, by obtaining a signed rejection from them, or sending a confirming letter or email acknowledging that they have been offered the coverage and have chosen not to take it.
- Take appropriate steps to protect your customers’ data:
a. Employ the most current data security measures. If you don’t know what those might be, consult the IIABA ACT (Agents Council for Technology) website at: http://www.independentagent.com/Resources/AgencyManagement/ACT/Pages/default.aspx
b. Secure the receipt and transfer of data on your website by ensuring that all pages are properly secured. Look for the “https:” in the URL on each page where data can be entered or transferred, and if it is missing, take steps to make the page secure.
c. Designate a Chief Security Information Officer in your agency to ensure that your systems are secure and being properly monitored.
d. Limit access privileges to only those staff members who need them, and terminate their access if they leave your agency.
e. Educate yourself and train your staff on a regular basis on cyber security measures, including the use of passwords on all electronic devices used for the business of the agency, including desktop computers, laptops, tablets, and smartphones.
f. Create data retention policies and incident response plans.
The time to take action is before the cyber or data breach attack occurs. Because after is too late.
This article is intended to be used for general informational purposes only and is not to be relied upon or used for any particular purpose. Swiss Re shall not be held responsible in any way for, and specifically disclaims any liability arising out of or in any way connected to, reliance on or use of any of the information contained or referenced in this article. The information contained or referenced in this article is not intended to constitute and should not be considered legal, accounting or professional advice, nor shall it serve as a substitute for the recipient obtaining such advice. The views expressed in this article do not necessarily represent the views of the Swiss Re Group (“Swiss Re”) and/or its subsidiaries and/or management and/or shareholders.
*Richard F. Lund, JD, is a Vice President and Senior Underwriter of Swiss Re Corporate Solutions, underwriting insurance agents’ errors and omissions coverage. He has also been an insurance agents’ E&O claims counsel and has written and presented numerous E&O risk management/loss control seminars, mock trials and articles nationwide since 1992.
Copyright 2022 Swiss Re. All rights reserved. You may use this for private or internal purposes but note that any copyright or other proprietary notices must not be removed. You are not permitted to create any modifications or derivative works of this, or to use it for commercial or other public purposes, without the prior written permission of Swiss Re.