What is the cost of not buying the coverage and self-insuring a data breach?
The Ponemon Institute, a well-known research firm, publishes an annual “Cost of a Data Breach” report. In partnership with IBM, the 2014 report indicated that the average cost paid for each lost or stolen record is $201. These numbers are reflective of both the indirect expenses associated with a breach (time, effort and other organizational resources spent during the data breach resolution, customer churn, etc.), as well as direct expenses (customer notification, credit monitoring, forensics, hiring a law firm, etc.).
Because every breach is different, and the per-capita cost of a breach depends largely on the number of records compromised, it is helpful for small to mid-sized organizations to start with a lower number of $65/record, (the average direct costs associated with a breach in the Ponemon study) – multiply this number by the estimated number of records containing PII, PHI or financial account information in the Insured’s control. By engaging in this simple exercise, businesses quickly understand the financial value of implementing cyber insurance as a risk transfer vehicle. More information can be found at www.ponemon.org.