Thank you for visiting the Euclid Managers, LLC Weblog. For the past 6 years, our blog has been primarily dedicated to providing professional liability insurance coverage news and analysis for the internet, tech and media industries. We hope you enjoy reading our blog entries and we welcome your story ideas. Our blog is updated with new entries about twice a month so please bookmark our site or just use our RSS feed. Need sample claims? Visit the Claim Examples section of our Blog.
As previously discussed, using the cloud can create a variety of new risks and considerations for companies. Here’s a fresh list of items to watch out for based on the following cloud scenario. Note: negligent error or omission is still the greatest exposure a company can face from a professional liability insurance perspective. Using the cloud only increases this exposure because the cloud is outside the company’s control.
A company decides to use the cloud for its infrastructure, service, storage and phone service. The cloud provider stores the company’s data overseas.
1. Transmission of data to servers outside the United States may cause the company to be an exporter under the EAR. This could be a new exposure if the company is not otherwise considered an exporter. An unintentional violation of the EAR may result in an administrative penalty ranging from $11,000 to $120,000 per violation.
The Final Rule for HIPAA Privacy, Security and Enforcement Rules is scheduled to be effective on March 26 of this year. One of the many changes applicable to the privacy and security rules is a change regarding the breach notification requirement for unsecured protected health data of individuals. The Final Rule requires a risk assessment, and sets out guidelines for it, in order to avoid notifying affected individuals of a breach. Notification of a breach can now only be avoided if the risk assessment shows there is very little chance that the protected health info has been compromised. Previously, if it was determined that the breach posed no significant risk of harm to the individual, then notification was not mandatory.
Symantec and The National Cyber Security Alliance studied the security habits and beliefs of small businesses across the U.S. in a September 2012 survey. For the survey, a small business is defined as one with fewer than 250 employees. The results seem to indicate small businesses do feel secure even though they appear to lack security policies and practices. Here’s a sampling of the survey results:
In its article, How IT is failing to teach users about BYOD security threats and some solutions, CiteWorld reports on a survey of the mobile device habits of 400 workers in a variety of industries and jobs. Specifically, the survey analyzes the security on the employee device used for work. Some survey results:
* Nearly half of those surveyed reported their company IT department had not discussed device security with them.
* Over half of those surveyed said their company did not have a formal security policy for devices or were unsure if there was a policy.
* About 75 percent reported their company did not have the ability to remotely wipe data from their device or they did not know whether or not the company could wipe their device.
According to the 2011 Cost of Data Breach Study: United States, the cost per lost record for a data breach has declined for the first time in the past seven years. In 2010, it was $214. In 2011, it was $194. A key contributor to the cost decrease, according to the study, is the hiring of a Chief Information Security Officer or the use of an outside consultant to assist with response to a data breach. In a continuing signal of how common the data breach has become, the study reports more company clients are remaining loyal to the company when it suffers a breach. The report also identifies the central causes of the data breach. These include negligent company employees or insiders, and criminal attacks. Read more about the study or review the 2010 study conclusions.
The 2011/2012 Judicial Hellholes report from the American Tort Reform Foundation identifies Philadelphia at the top of the list, followed by California, West Virginia and South Florida. Two counties in Illinois, Madison and St Clair, round out the top five. The top four do not appear to have changed from the 2010/2011 report but there has been some shifting around for fifth place. Cook County IL, the previous holder of fifth place, has been moved all of the way off the rankings to the watch list. The report reasons the lack of civil justice reform keeps it on the watch list but since it experienced a relatively low-key year, it was allowed to fall from fifth place. Of note, Madison County IL was previously on the watch list but moved clear up to a fifth place ranking due in part to the large number of asbestos related cases.
Insurance Journal recently reported on a survey by Towers Watson indicating that the majority of companies do not buy cyber insurance. The report, 2012 Risk and Finance Manager Survey, shows over 70 percent of those surveyed are not buying network security/privacy liability policies. According to the survey, this number has not changed significantly from the previous year and when coverage is purchased, lower limits are procured, with about 40% of the buyers opting for limits of 1 to 5 million.