Owning a private practice can contribute significantly to your wealth. But that entrepreneurialism also comes with great financial risk: As you collect and store sensitive information about your clients digitally, there’s a growing threat of a “cyber breach,” or someone breaking into your system and stealing the data.
The costs of such a breach can be staggering: nearly $200 per lost or stolen record, according to Ponemon Institute, a data security research organization1. That includes the expense of investigating the breach and notifying affected customers, as well as the opportunity costs incurred when customers defect to other firms over privacy concerns. On average, cyber breaches cost organizations about $5.5 million, Ponemon found.
No firm is too small to be targeted: Organizations with up to 100 employees accounted for 72 percent of data breaches reported in 2011, according to Verizon Communications.2 Cyber liability is a significant concern for professionals such as lawyers, doctors and accountants because of the information they hold that belongs to their clients or patient. For lawyers, this can include client companies trade secrets or customer lists, while physicians, of course, hold patient health records and insurance information. Moreover, if a breach occurs and the practice didn't insure itself, that could constitute grounds for a lawsuit, he adds.
Cyber Relief
Practices can insure against the potentially high costs of legal claims due to data breaches by carrying cyber liability coverage. Standard professional liability policies typically exclude cyber breaches, and several court cases have concluded that data is not tangible property and therefore general property and liability policies won’t cover data losses, Styles says.
You can add an endorsement on to your professional liability policy that provides cyber liability coverage or you can purchase a separate policy. How much coverage you need depends on the type of practice you run, the number and types of clients or patients you have and the sensitivity of their information. Practices that keep highly sensitive information will typically want more coverage.
Most cyber liability policies offer both first- and third-party coverage. First-party coverage refers to the costs incurred to correct the damage to your systems and data, to notify clients and to pay any fines related to the breach. Third-party liability coverage addresses any claims that from outsiders affected by the breach, such as clients or patients.
To determine how much coverage you need, consult an insurance professional specializing in cyber liability coverage. He or she will be aware of the latest endorsements and policies and can help you accurately assess your needs. “You want someone who can search the market for the policy and carrier that best fits your practice’s needs,” Styles says.
12011 Cost of Data Breach Study: United States, Ponemon Institute, March 2012.
22012 Data Breach, Investigations Report, Verizon Communications.
