Insurers and corporate boards demand accountability for data breaches

Sloppy security practices have exposed millions of health care consumers to cybercrime. The attacks on health care data systems demonstrate, and Habeas Hard Drive can attest from experience, that the medical field, generally speaking, simply isn’t very serious about information security.

Now comes this legal mess, as an insurance company denies cybercrime coverage because the insured did not meet basic information security requirements outlined in the policy.

Columbia Casualty Company agreed to the terms of a $4.1 million class action settlement on behalf of Cottage Health customers whose medical records were exposed. But Columbia now claims that it’s not obligated to pay. It seems the 2013 data breach occurred because Cottage failed in some very elementary security practices.

Habeas Hard Drive sees this as a possible trend: just as insurers are figuring out how to cover cybercrime, they are also becoming more sophisticated about risk assessment. Not unlike insurance companies that offer a discount for fire-resistant roofing, business insurers will be looking for security standards that mitigate the risk of information theft.

Business is also starting to understand that nobody except top management can truly grasp what’s at stake when data is stolen. More corporate boards are pointing the finger straight at a CEO when a high-profile data breach occurs. Does this mean CEOs will be more accountable for information security? Habeas Hard Drive has observed that they are more likely to fire middle managers and sue vendors than take responsibility. But time will tell.
