It’s the key to protecting your bottom line
Businesses can no longer afford to treat data security as just another problem for the IT department. It’s now a mission-critical issue for the executive suite. Companies that fail to adequately protect personal information not only run the risk of lawsuits and legal penalties, but also severe and potentially fatal hits to their bottom line.
Top executives and risk managers must recognize that the dangers posed by theft of personal data have escalated sharply in terms of financial liability and the potential for irreparable damage to a company’s reputation. The loss of confidence in a company’s ability to properly manage confidential information can jeopardize the survival of its business. A well-known credit card processor was dropped by several major credit card brands after a security breach in its system exposed millions of consumer accounts to possible fraud.
As consumers grow increasingly worried about identity theft and Internet-based fraud, Congress has set stricter standards for protecting personal and corporate data with privacy legislation. Examples are the Gramm-Leach-Bliley, Health Insurance Portability and Accountability (HIPAA) and Sarbanes-Oxley Acts. In addition, the state of California now requires businesses to notify customers when their personal data has been exposed to potential misuse. The costs of notifying tens of thousands of customers can be significant, but inconsequential compared to the potential loss of consumer confidence and goodwill.
Along with new legal standards, companies must confront increasingly sophisticated attacks from computer criminals. The threat has escalated from teenage hackers bent on virtual vandalism to organized criminal gangs seeking to steal sensitive information and hijack corporate systems for their own use. Many are operating out of Eastern Europe and Asia beyond the reach of U.S. authorities.
Steps to take
Modern businesses run on digital data. Securing that data is an essential part of corporate risk management today.To protect themselves, businesses need to take a proactive approach to data security and information management that recognizes the significant financial, legal and reputation risks involved. It is critical that senior executives and risk managers take a leadership role in building privacy and information security into the culture of their organizations. As a first step, businesses need to formally inventory all of the data housed on corporate systems, classify it accordingly to value and sensitivity, and then take adequate measures to secure it. Recognizing that these information security and privacy exposures can also pose a significant threat to the balance sheet, companies need to protect themselves financially by seeking risk transfer options as part of their overall risk management program.
If you have questions or would like assistance determining your insurance needs, please call us at 800-622-7370.