Financial Institutions Face Significant Security Breach Costs

February 1, 2006

“For many financial institutions, a network security breach involving the release of confidential customer information is not a matter of if, but when,” cautioned Tracey Vispoli, vice president, Chubb & Son, during the 2006 American Bankers Association Insurance Risk Management Annual Conference. “It’s time for financial institutions to further tighten their data security controls and to prepare for the potentially significant financial cost of this risk.”

Vispoli, the global fidelity manager for Chubb Specialty Insurance, explained that new laws in nearly half the states require companies to disclose security breaches to their customers residing in those states. “Network security breaches expose companies to class-action lawsuits as well as irreversible damage to the corporate brand,” she said. “The new state laws add another layer of responsibility and cost by mandating that companies notify customers of actual or suspected security breaches.”

Financial institutions are especially vulnerable to an increasing number of security breaches, said Vispoli. The 2005 White & Case National Survey on Data Security Breach concludes that banks and credit card companies are the top two targets of security breaches. According to a San Diego-based consumer rights group, Privacy Rights Clearinghouse, more than 51 million Americans have had their personal data breached in more than 95 incidents since February 2005. A conservative estimate of notification costs is $30 per customer, according to Vispoli.

To help financial institutions defray the costs of notifying customers of a security breach, Vispoli announced that Chubb has enhanced its CyberSecurity by Chubb policy. A new Security Breach Notification option insures these costs regardless of where the affected customers reside. CyberSecurity, which addresses a financial institution’s e-commerce crime-related exposures, insures the costs of credit monitoring services for up to one year for the financial institution’s affected customers; creating new customer account numbers and re-establishing secure account numbers; issuing new ATM/credit/debit cards; and hiring a crisis management/public relations firm. The coverage also helps protect financial institutions when a vendor entrusted with its customer data experiences a security breach.

“While media headlines inform us of high-profile network security breaches, financial institutions of all sizes – from a community bank to a multinational asset management firm – are at risk,” said Vispoli. “Clearly, the costs can quickly escalate if a financial institution or its third-party vendor has to or chooses to inform its customers of the theft of confidential personal information. Companies that do a poor job of customer notification risk losing valuable business, damaging their reputations and becoming the targets of class-action liability lawsuits.”

Source: Chubb

Was this article valuable?

Here are more articles you may enjoy.