Record Protection

Owning a private practice can contribute significantly to your wealth. But that entrepreneurialism also comes with great financial risk: As you collect and store sensitive information about your clients digitally, there’s a growing threat of a “cyber breach,” or someone breaking into your system and stealing the data.

The costs of such a breach can be staggering: nearly $200 per lost or stolen record, according to Ponemon Institute, a data security research organization1. That includes the expense of investigating the breach and notifying affected customers, as well as the opportunity costs incurred when customers defect to other firms over privacy concerns. On average, cyber breaches cost organizations about $5.5 million, Ponemon found.

No firm is too small to be targeted: Organizations with up to 100 employees accounted for 72 percent of data breaches reported in 2011, according to Verizon Communications.2 “Cyber liability is a significant concern for professionals such as lawyers, doctors and accountants because of the information they hold that belongs to their clients or patients,” says Jody Styles, senior vice president of Regions Insurance Group. For lawyers, this can include client companies’ trade secrets or customer lists, while physicians, of course, hold patient health records and insurance information. Moreover, if a breach occurs and the practice didn’t insure itself, that could constitute grounds for a lawsuit, he adds.

Cyber Relief

Practices can insure against the potentially high costs of legal claims due to data breaches by carrying cyber liability coverage. Standard professional liability policies typically exclude cyber breaches, and several court cases have concluded that data is not tangible property and therefore general property and liability policies won’t cover data losses, Styles says.

You can add an endorsement on to your professional liability policy that provides cyber liability coverage or you can purchase a separate policy. How much coverage you need depends on the type of practice you run, the number and types of clients or patients you have and the sensitivity of their information. Practices that keep highly sensitive information will typically want more coverage.

Most cyber liability policies offer both first- and third-party coverage. First-party coverage refers to the costs incurred to correct the damage to your systems and data, to notify clients and to pay any fines related  to the breach. Third-party liability coverage addresses any claims that  from outsiders affected by the breach, such as clients or patients.

To determine how much coverage you need, consult an insurance professional specializing in cyber liability coverage. He or she will be aware of the latest endorsements and policies and can help you accurately assess your needs. “You want someone who can search the market for the policy and carrier that best fits your practice’s needs,” Styles says.

12011 Cost of Data Breach Study: United States, Ponemon Institute, March 2012.
22012 Data Breach, Investigations Report, Verizon Communications.


On a scale from 1 to 5, with 1 being 'Not Good' and 5 being 'Excellent', how would you rate this article?

Press enter to submit your rating

Rate this Article

Use this form to provide additional feedback based on the rating you provided.

Thanks for Rating

Would you like to provide feedback?

Thanks for your feedback!

This information is general in nature and is provided for educational purposes only. Regions makes no representations as to the accuracy, completeness, timeliness, suitability, or validity of any information presented. Information provided should not be relied on or interpreted as accounting, financial planning, investment, legal, or tax advice. Regions encourages you to consult a professional for advice applicable to your specific situation. Regions neither endorses nor guarantees any websites or companies referenced in this article that are not owned by Regions.

*Investment, Annuities and Insurance Products

  • Are Not FDIC Insured
  • Are Not Bank Guaranteed
  • May Lose Value
  • Are Not Deposits
  • Are Not Insured by Any Federal Government Agency
  • Are Not a Condition of Any Banking Activity