Financial Institutions Face Significant Security Breach Costs, Cautions Chubb VP
INDIAN WELLS, CA, February 1, 2006 – “For many financial institutions, a network security breach involving the release of confidential customer information is
not a matter of if, but when,” cautioned Tracey Vispoli, vice president, Chubb & Son, during the 2006 American Bankers Association Insurance Risk Management
Annual Conference. “It’s time for financial institutions to further tighten their data security controls and to prepare for
the potentially significant financial cost of this risk.”
Vispoli, the global fidelity manager for Chubb Specialty Insurance, explained that new laws in nearly half the states require
companies to disclose security breaches to their customers residing in those states. “Network security breaches expose companies
to class-action lawsuits as well as irreversible damage to the corporate brand,” she said. “The new state laws add another
layer of responsibility and cost by mandating that companies notify customers of actual or suspected security breaches.”
Financial institutions are especially vulnerable to an increasing number of security breaches, said Vispoli. The 2005 White
& Case National Survey on Data Security Breach concludes that banks and credit card companies are the top two targets of security
breaches. According to a San Diego-based consumer rights group, Privacy Rights Clearinghouse, more than 51 million Americans
have had their personal data breached in more than 95 incidents since February 2005. A conservative estimate of notification
costs is $30 per customer, according to Vispoli.
To help financial institutions defray the costs of notifying customers of a security breach, Vispoli announced that Chubb
has enhanced its CyberSecurity by ChubbSM policy. A new Security Breach Notification option insures these costs regardless of where the affected customers reside.
CyberSecurity, which addresses a financial institution’s e-commerce crime-related exposures, is among the first policies to
insure the costs of credit monitoring services for up to one year for the financial institution’s affected customers; creating
new customer account numbers and re-establishing secure account numbers; issuing new ATM/credit/debit cards; and hiring a
crisis management/public relations firm. The coverage also helps protect financial institutions when a vendor entrusted with
its customer data experiences a security breach.
“While media headlines inform us of high-profile network security breaches, financial institutions of all sizes – from a community
bank to a multinational asset management firm – are at risk,” said Vispoli. “Clearly, the costs can quickly escalate if a
financial institution or its third-party vendor has to or chooses to inform its customers of the theft of confidential personal
information. Companies that do a poor job of customer notification risk losing valuable business, damaging their reputations
and becoming the targets of class-action liability lawsuits. Chubb provides a unique solution to this potentially huge exposure.”
For more than 35 years, Chubb has provided insurance solutions to financial institutions, including CyberSecurity by Chubb,
directors and officers liability, professional liability, employment practices liability, fiduciary liability, bond, property,
commercial auto, kidnap/ransom and extortion, general liability and ERISA bonds.
The member insurers of the Chubb Group of Insurance Companies form a multi-billion dollar organization providing property
and casualty insurance for personal and commercial customers worldwide through 8,000 independent agents and brokers. Chubb's
global network includes branches and affiliates throughout North America, Europe, Latin America, Asia and Australia. More
information on Chubb can be obtained at www.chubb.com.
|
