
Interest in Cyber Insurance Surges

January 30, 2012

The New York Times reports that experts expect more corporations to buy cyber insurance plans in 2012 because of new Securities and Exchange Commission (SEC) requirements issued in October 2011. According to the paper’s blog, the SEC now requires companies to disclose “material” cyber attacks and their costs to shareholders, and it specifically requires them to provide a “description of relevant insurance coverage.”

The blog noted that despite the SEC requirements and the high-profile cyber attacks this past year at Sony, Google, Epsilon, RSA, and many others, only a third of companies surveyed by research group Advisen say they have purchased a cyber insurance policy.

“Everybody needs it, and most companies don’t realize they don’t have it until it’s too late,” said Jacob Olcott, a principal with Good Harbor Consulting’s cyber security team.

This may be due to many companies’ incorrect assumption that data is considered “property” and is covered under normal business insurance, which means they believe they are covered for data breaches, when, in fact, they are not.

This misconception can cost a company real hard cash. A study conducted by the Ponemon Institute found that the average cost of a data breach hit $7.2 million in 2010 and cost companies $214 per compromised data record. These figures do not include the cost for stolen intellectual property, which could increase the costs greatly and have the potential to destroy an organization.

“It is now possible to suck all the information out of a company,” said Scott Borg, chief executive of the nonprofit United States Cyber Consequences Unit.

It is these kinds of statistics and experiences that have led to the upsurge in interest in cyber insurance. However, it appears this is another situation of “buyer beware.” An online article in NetworkWorld drew attention to a few misconceptions about cyber insurance and the multiple types of coverage that are available.

"The policies have limitations and constraints similar to home policies with act-of-God provisions, and that has created a lot of uncertainty about what is covered, and what the risks are," the Ponemon Institute’s Larry Ponemon says in this article. "Those who are nevertheless purchasing cyber insurance are typically very selective about what coverage they want."

Of course, cyber insurance is useful once a breach has occurred and vulnerabilities have been exposed. But often, the damage to the company’s reputation and the expense it incurs in dealing with a data breach quickly outstrip the insurance payments it may receive.

For information governance professionals, the search for cyber insurance should be combined with an approach to information security and protection that prevents data breaches and maximizes the protection of information. ARMA International’s Generally Accepted Recordkeeping Principles (GARP®) Principle of Protection states it this way:

A recordkeeping program shall be constructed to ensure a reasonable level of protection to records and information that are private, confidential, privileged, secret, or essential to business continuity.

The business community’s increased reliance on electronic tools for conducting business transactions has made organizations vulnerable in new ways. With this in mind, the GARP® Principle of Protection also calls for organizational audit programs to evaluate whether sensitive information is being handled correctly. Such actions will contribute to the overall risk mitigation that comprehensive information governance programs can provide.

More Information:

http://www.networkworld.com/news/2011/102411-cyber-insurance-252145.html?page=1

http://www.symantec.com/content/en/us/about/media/pdfs/symantec_ponemon_data_breach_costs_report.pdf?om_ext_cid=biz_socmed_twitter_facebook_marketwire_linkedin_2011Mar_worldwide_costofdatabreach

Diane Carlisle



© 2009, ARMA International