Insurance Exec Urges Financials To Tighten Their Data Controls
An executive with Chubb Specialty Insurance is warning financial institutions that they all need to tighten their data security controls and that they all can expect a breach of confidential information.
"For many financial institutions, a network security breach involving the release of confidential customer information is not a matter of if, but when," cautioned Tracey Vispoli, vice president, Chubb & Son, in remarks before a bankers group here. "It's time for financial institutions to further tighten their data security controls and to prepare for the potentially significant financial cost of this risk."
Exposure To Lawsuits
Vispoli, the global fidelity manager for Chubb Specialty Insurance, explained that new laws in nearly half the states require companies to disclose security breaches to their customers/members residing in those states.
"Network security breaches expose companies to class-action lawsuits as well as irreversible damage to the corporate brand," she said. "The new state laws add another layer of responsibility and cost by mandating that companies notify customers of actual or suspected security breaches."
Financial institutions are especially vulnerable to an increasing number of security breaches, according to Vispoli, who cited a 2005 White & Case National Survey on Data Security Breach, which concludes that banks and credit card companies are the top two targets of security breaches.
According to a San Diego-based consumer rights group, Privacy Rights Clearinghouse, more than 51 million Americans have had their personal data breached in more than 95 incidents since February 2005. A conservative estimate of notification costs is $30 per customer/member, according to Vispoli.
As a result, Chubb has recently enhanced its CyberSecurity by Chubb policy. A new Security Breach Notification option insures these costs regardless of where the affected customers/members reside.
Costs Quickly Escalate
"Clearly, the costs can quickly escalate if a financial institution or its third-party vendor has to or chooses to inform its customers of the theft of confidential personal information," Vispoli said. "Companies that do a poor job of customer notification risk losing valuable business, damaging their reputations and becoming the targets of class-action liability lawsuits."