By: Maria Clark, Reporter New Orleans CityBusiness
A federal judge in Minnesota last month refused to dismiss a class action lawsuit against Target on account of the massive data breach that affects nearly 110 million customers last year.
The data breach, which occurred in 2013, has cost the company more than $140 million.
The decision to allow a class action lawsuit is not only costly for the Minneapolis-based retailer but could influence how courts hold retailers responsible in the case of a data breach.
An increasingly popular option for many companies of all sizes threatened by a possible cyber-attack is a cyber-insurance policy. Cyber insurance has been around since the 1990s but has grown over the last 10 years. Marsh Risk Management research reported that they saw a 21 percent jump from 2012 to 2013 cyber insurance policies sold.
James “Bo” Laborde, the head of Marsh Insurance in New Orleans notes that regardless of their size businesses need to look at their risk factors in considering how to protect themselves against data theft.
“Although small businesses are necessarily as big a target it can be a fight to maintain their reputation when there is a data breach,” Laborde said.
According to the Insurance Information Institute, increased regulation at both the federal and state level is now requiring companies to notify customers of personal data breaches. At the federal level, laws such as the HIPAA and the Fair Credit Reporting Act have requirements to safeguard personal information.
Target alone has faced 70 class action lawsuits resulting from the 2013 data breach.
This particular area of the insurance industry has experienced demand among higher-risk industries such as health care, hospitality and the retail industry. The health care industry is particularly at risk for a data breach because of all of the private information that is stored in electronic medical records, he explained. According to the Insurance Information Institute, the health care industry reported 43 percent of data breaches in the United States in 2013, followed by retailers (34 percent).
“The reality is that cyber security insurance is still an emerging type of coverage and changing each year,” Laborde said. He noted that small businesses he often works with rely on crime coverage to protect themselves in the instance of a data breach.
However, the field of cyber security is rapidly changing as technology and the forms of payment and how personal information is stored and shared continues to evolve.
“Traditional policies don’t typically handle emerging risks. Technology is evolving and these policies are going to continue to morph in order to provide more protection,” Laborde said.
Data breaches are frequently among the most expensive and damaging security failures impacting companies of all sizes.
IBM Security Services annual Cyber Security Intelligence Index reported approximately 1.5 million monitored cyber-attacks in the United States last year. The report showed that about 16,800 of those attacks on average result in a quantifiable data breach impacting companies.
“A good rule of thumb is to have a plan in place, whether it’s to have some sort of insurance coverage or other security measure in place,” said Clayton Mouney, the owner of a third-party information technology firm in New Orleans called thinkIT Solutions. “Those big companies spend a lot of money of security, but it shows you that noone is immune on the threat.”
ThinkIT Solutions provides IT support and help desk services for businesses with 10 to 200 employees. Most of these businesses don’t necessarily have an IT person on staff to help them with their infrastructure and to coordinate their security, Mouney said.
“When a company that we are supporting has some sort of security breach, they do look at us to see how we are failing them,” he said.
Beyond making sure that security measure are properly put in place, these measures can include making sure passwords are changed and protected. He said it is important for business owners to properly train personnel on how to guard private information.
“Small businesses often think they’re not a target because they don’t have a huge presence. But that leads to lack of awareness and education on how to keep information protected. In today’s world, it is not a question of it you will be compromised, it’s a question of when,” he said.