So your organization sells a data breach or cyber liability insurance product that covers notification costs and ancillary services in the event your insured has a data breach and their customers’ personal data is compromised.

Executive Summary

OneBeacon's Technology Risk Control Officer Tushar Nandwana provides the basics of encryption—defining the term, reviewing the types of encryption systems used in day-to-day processes, and explaining potential pitfalls with such systems.

Let’s consider a few facts (from Ponemon Institute’s “2011 Cost of Data Breach Study: United States,” March 2012):

The average cost for detection and notification per breached record is $194. The average cost for notification for an organization is $560,000. Currently, 46 states have enacted laws that require notification in the event of a data breach.

Clearly, a breach event could result in a sizable covered loss under a data breach policy. However, the same 46 states also have safe harbor provisions regarding notification if the breached data is encrypted. Many statutes aren’t even triggered if the personal data is encrypted.
