Record Protection
Previous

Owning a private practice can contribute significantly to your wealth. But that entrepreneurialism also comes with great financial risk: As you collect and store sensitive information about your clients digitally, there’s a growing threat of a “cyber breach,” or someone breaking into your system and stealing the data.

The costs of such a breach can be staggering: nearly $200 per lost or stolen record, according to Ponemon Institute, a data security research organization1. That includes the expense of investigating the breach and notifying affected customers, as well as the opportunity costs incurred when customers defect to other firms over privacy concerns. On average, cyber breaches cost organizations about $5.5 million, Ponemon found.

No firm is too small to be targeted: Organizations with up to 100 employees accounted for 72 percent of data breaches reported in 2011, according to Verizon Communications.2 Cyber liability is a significant concern for professionals such as lawyers, doctors and accountants because of the information they hold that belongs to their clients or patient. For lawyers, this can include client companies trade secrets or customer lists, while physicians, of course, hold patient health records and insurance information. Moreover, if a breach occurs and the practice didn't insure itself, that could constitute grounds for a lawsuit, he adds.

Cyber Relief

Practices can insure against the potentially high costs of legal claims due to data breaches by carrying cyber liability coverage. Standard professional liability policies typically exclude cyber breaches, and several court cases have concluded that data is not tangible property and therefore general property and liability policies won’t cover data losses, Styles says.

You can add an endorsement on to your professional liability policy that provides cyber liability coverage or you can purchase a separate policy. How much coverage you need depends on the type of practice you run, the number and types of clients or patients you have and the sensitivity of their information. Practices that keep highly sensitive information will typically want more coverage.

Most cyber liability policies offer both first- and third-party coverage. First-party coverage refers to the costs incurred to correct the damage to your systems and data, to notify clients and to pay any fines related  to the breach. Third-party liability coverage addresses any claims that  from outsiders affected by the breach, such as clients or patients.

To determine how much coverage you need, consult an insurance professional specializing in cyber liability coverage. He or she will be aware of the latest endorsements and policies and can help you accurately assess your needs. “You want someone who can search the market for the policy and carrier that best fits your practice’s needs,” Styles says.

12011 Cost of Data Breach Study: United States, Ponemon Institute, March 2012.
22012 Data Breach, Investigations Report, Verizon Communications.

Next

On a scale from 1 to 5, with 1 being 'Not Good' and 5 being 'Excellent', how would you rate this article?

Press enter to submit your rating

Rate this Article

Use this form to provide additional feedback based on the rating you provided.

Thanks for Rating

Would you like to provide feedback?

Thanks for your feedback!

This information is general in nature and is not intended to be legal, tax, or financial advice. Although Regions believes this information to be accurate, it cannot ensure that it will remain up to date. Statements or opinions of individuals referenced herein are their own—not Regions'. Consult an appropriate professional concerning your specific situation and irs.gov for current tax rules. Regions, the Regions logo, and the LifeGreen bike are registered trademarks of Regions Bank. The LifeGreen color is a trademark of Regions Bank.

*Investment, Annuities and Insurance Products

  • Are Not FDIC Insured
  • Are Not Bank Guaranteed
  • May Lose Value
  • Are Not Deposits
  • Are Not Insured by Any Federal Government Agency
  • Are Not a Condition of Any Banking Activity