The average cost of a corporate data breach increased to $3.5 million according to a research group. As large cyber breaches continue making headlines, more companies are considering cyber insurance to protect against financial losses from breaches. Cyber insurance premiums are expected to reach $2 billion in 2014, up from $1.2 billion last year. Cyber insurance is designed to mitigate losses from incidents like data breaches, network damage, and business interruptions. It can cover costs associated with notifying victims, fines, lost business, and more. As breaches become more common, more small businesses are recognizing the need for cyber insurance policies.

1. December 8, 2014
A
data breach can be
crippling to a small
business.
The average cost of a corpo-
rate breach increased 15 percent
in the last year to $3.5 million,
according to the Ponemon Insti-
tute, a Michigan-based private
research group.
With large cyber breaches
continuing to make headlines
weekly, more companies are
considering cyber insurance
policies to protect against fi-
nancial fallout.
“Cyber insurance continues
to be the fastest growing type
of insurance today,” says Rick
Betterley, president of Bet-
terley Risk Consultants Inc., a
Sterling, Massachusetts-based
risk management consulting
firm that publishes an annual
cyber/ privacy insurance mar-
ket survey. Nationally, busi-
nesses are expected to spend
around $2 billion on cyber in-
surance premiums in 2014, up
from $1.2 billion last year, ac-
cording to Betterley.
Mitigating losses
The insurance is designed to
mitigate losses from a variety
of cyber incidents, including
data breaches, business inter-
ruption and network damage,
LI BUSINESS
Data breach insurance
NEWSDAY/ALEJANDRAVILLA
Pam D’Apuzzo of RR Health Strategies in Uniondale says she took out a cyber insurance policy — proactively
— with the help of Steven Browne of Insureatech Agency in New Hyde Park.
LIBUSINESSnewsday.comNEW
A
data breach can be crip-
pling to a small business.
The average cost of a
corporate breach increased 15
percent in the last year to $3.5
million, according to the
Ponemon Institute, a Michigan-
based private research group.
With large cyber breaches
continuing to make headlines
weekly, more companies are
considering cyber insurance
policies to protect against finan-
cial fallout.
“Cyber insurance continues
to be the fastest growing type
of insurance today,” says Rick
Betterley, president of Better-
ley Risk Consultants Inc., a
Sterling, Massachusetts-based
risk management consulting
firm that publishes an annual
cyber/ privacy insurance mar-
ket survey. Nationally, busi-
nesses are expected to spend
around $2 billion on cyber in-
surance premiums in 2014, up
from $1.2 billion last year, ac-
cording to Betterley.
Mitigating losses
The insurance is designed to
mitigate losses from a variety of
cyber incidents, including data
breaches, business interruption
and network damage, according
to the Department of Home-
land Security.
“The initial demand for this
product was driven by larger
corporations,” explains Robert
P. Hartwig, president of the In-
surance Information Institute, a
Manhattan-based industry
trade association. “It began to
movedownto mid-size corpora-
Browne, who works with about
six insurance carriers including
Travelers and Hartford.
Many businesses think it
won’t happen to them, or that
their general liability coverage
will protect them. But general li-
ability typically covers physical
loss or damage, not the data
side, he explains.
Cyber insurancecancover lia-
bility incurred by the insured,
including defense and settle-
ment costs, remediation and re-
sponse costs such as customer
notification and credit monitor-
ing, costs related to regulatory
fines and penalties and in some
cases credit card fines and pen-
alties from card issuers, accord-
ing to Betterley. It can also
cover loss of business income
ents putting language in con-
tracts asking if she had cyber in-
surance. “At some point what
I’m doing now proactively will
become a requirement from our
clients,” says D’Apuzzo, who
worked with Insureatech to se-
mond & Co. LLC, a benefits and
risk management advisory firm
in Uniondale. “Two years ago,
people weren’t even speaking
about this.”
Now about 15 percent of the
firm’s clients are purchasing
cyber policies, he says. “Compa-
nies have come to realize it’s
not a matter of if they’re going
to get breached, but when
they’re going to get breached.”
Risk assessment
Products vary, so work with a
broker to understand your risk
and coverage needs. Premiums
generally run $2,000 to $5,000 a
year depending on the industry
and company size, estimates
Browne.
As part of the process, insur-
SMALL
BUSINESS
Jamie Herzlich
Data breach insurance
NEWSDAY/ALEJANDRAVILLA
son
eri-
rab
orc-
ore,
hem
unts
nual
the
ain
to
in-
on-
esi-
re-
the
hich
has
s it
eti-
and
the
ll 13
. In
the
on.
em
s of
ave
nes.
ow
ing
hed
ent
ult-
ow
ED
Y
jherzlich@aol.com
LI BUSINESS
CYBER COST
Pam D’Apuzzo of RR Health Strategies in Uniondale says she took out a cyber insurance policy —
proactively — with the help of Steven Brown of Insureatech Agency in New Hyde Park.
Policies mitigate
company losses
incyberincidents
The average cost of
notifying victims of a
data breach — one of
the largest costs that
companies incur — is
$509,237.
Source: Ponemon Institute
A35
PRINTED COPY FOR PERSONAL READING ONLY.
NOT FOR DISTRIBUTION

2. according to the Department
of Homeland Security.
“The initial demand for this
product was driven by larger
corporations,” explains Robert
P. Hartwig, president of the In-
surance Information Institute,
a Manhattan-based industry
trade association. “It began to
move down to mid-size corpo-
rations, and eventually it will
make its way down to smaller
and smaller businesses.”
That’s what Steven Browne,
president of Insureatech Agency
in New Hyde Park, a broker
for cyber liability insurance, is
banking on.
Last year, he started Insure-
atech as a separate division of
Sachem Insurance Agency, be-
cause he saw breaches becom-
ing more prevalent in the news.
“We saw a big need for it,” says
Browne, who works with about
six insurance carriers includ-
ing Travelers and Hartford.
Many businesses think it won’t
happen to them, or that their gen-
eral liability coverage will protect
them. But general liability typi-
cally covers physical loss or dam-
age, not the data side, he explains.
Cyber insurance can cover
liability incurred by the in-
sured, including defense and
settlement costs, remedia-
tion and response costs such
as customer notification and
credit monitoring, costs relat-
ed to regulatory fines and pen-
alties and in some cases credit
card fines and penalties from
card issuers, according to Bet-
terley. It can also cover loss of
business income post-breach,
adds Browne.
These costs can add up.
Pam D’Apuzzo, president of
RR Health Strategies LLC, a
health care consulting firm in
Uniondale, recently took out
a cyber insurance policy. The
company provides consult-
ing to clients including private
health practices, hospitals and
teaching facilities, and routine-
ly reviews medical records for
compliance.
D’Apuzzo noticed more cli-
ents putting language in con-
tracts asking if she had cyber
insurance. “At some point what
I’m doing now proactively will
become a requirement from
our clients,” says D’Apuzzo,
who worked with Insureatech
to secure the policy. “I think
we’ll be ahead of the curve.”
Even though she takes neces-
sary security precautions when
dealing with sensitive data, she
wants to makes sure she’s pro-
tected. “This added layer of cy-
ber insurance is an extra safety
net for me,” says D’Apuzzo.
And as more breaches make
headlines, more smaller firms
will likely follow suit.
“Demand is picking up,”
says Marc Schein of Chernoff
Diamond & Co. LLC, a benefits
and risk management advi-
sory firm in Uniondale. “Two
years ago, people weren’t even
speaking about this.”
Now about 15 percent of
the firm’s clients are purchas-
ing cyber policies, he says.
“Companies have come to
realize it’s not a matter of if
they’re going to get breached,
but when they’re going to get
breached.”
Risk assessment
Products vary, so work with
a broker to understand your
risk and coverage needs. Pre-
miums generally run $2,000 to
$5,000 a year depending on the
industry and company size, es-
timates Browne.
As part of the process, insur-
ers will do a risk assessment
and make recommendations,
Hartwig says. “It’s not simply
pure insurance,” he notes. “It in-
volves elements of prevention.”
Browne partners with out-
side cyber-security consul-
tants to perform risk assess-
ments. “We want to make sure
certain systems are in place
and they’re protected,” he says,
adding insurers after the fact
may not cover a breach if the
insured was lacking in some of
these protections.
(#84017) Copyright 2014 Newsday LLC. Reprinted with permission. To subscribe to Newsday, please call 1-800-Newsday or visit us online at Newsday.com.
For information about reprints and permissions from Newsday, visit PARS International Corp. at www.newsdayreprints.com.
newsday.comNEWSDAY,MONDAY,DECEMBER8,2014
ulting
nnual
mar-
busi-
pend
er in-
4, up
r, ac-
ed to
ety of
data
ption
rding
ome-
r this
arger
obert
he In-
ute, a
ustry
an to
pora-
will
maller
owne,
Agen-
roker
ce, is
ureat-
of Sa-
, be-
com-
news.
” says
Browne, who works with about
six insurance carriers including
Travelers and Hartford.
Many businesses think it
won’t happen to them, or that
their general liability coverage
will protect them. But general li-
ability typically covers physical
loss or damage, not the data
side, he explains.
Cyber insurancecancover lia-
bility incurred by the insured,
including defense and settle-
ment costs, remediation and re-
sponse costs such as customer
notification and credit monitor-
ing, costs related to regulatory
fines and penalties and in some
cases credit card fines and pen-
alties from card issuers, accord-
ing to Betterley. It can also
cover loss of business income
post-breach, adds Browne.
These costs can add up.
Pam D’Apuzzo, president of
RR Health Strategies LLC, a
health care consulting firm in
Uniondale, recently took out a
cyber insurance policy. The
company provides consulting
to clients including private
health practices, hospitals and
teaching facilities, and routine-
ly reviews medical records for
compliance.
D’Apuzzo noticed more cli-
ents putting language in con-
tracts asking if she had cyber in-
surance. “At some point what
I’m doing now proactively will
become a requirement from our
clients,” says D’Apuzzo, who
worked with Insureatech to se-
cure the policy. “I think we’ll be
ahead of the curve.”
Even though she takes neces-
sary security precautions when
dealing with sensitive data, she
wants to makes sure she’s pro-
tected. “This added layer of
cyber insurance is an extra safe-
ty net for me,” says D’Apuzzo.
And as more breaches make
headlines, more smaller firms
will likely follow suit.
“Demand is picking up,” says
Marc Schein of Chernoff Dia-
mond & Co. LLC, a benefits and
risk management advisory firm
in Uniondale. “Two years ago,
people weren’t even speaking
about this.”
Now about 15 percent of the
firm’s clients are purchasing
cyber policies, he says. “Compa-
nies have come to realize it’s
not a matter of if they’re going
to get breached, but when
they’re going to get breached.”
Risk assessment
Products vary, so work with a
broker to understand your risk
and coverage needs. Premiums
generally run $2,000 to $5,000 a
year depending on the industry
and company size, estimates
Browne.
As part of the process, insur-
ers will do a risk assessment
and make recommendations,
Hartwig says. “It’s not simply
pure insurance,” he notes. “It in-
volves elements of prevention.”
Browne partners with outside
cyber-security consultants to
perform risk assessments. “We
want to make sure certain sys-
temsareinplaceandthey’repro-
tected,” he says, adding insurers
after the fact may not cover a
breach if the insured was lack-
ing in some of these protections.
NE
CYBER COST
Pam D’Apuzzo of RR Health Strategies in Uniondale says she took out a cyber insurance policy —
proactively — with the help of Steven Brown of Insureatech Agency in New Hyde Park.
The average cost of
notifying victims of a
data breach — one of
the largest costs that
companies incur — is
$509,237.
Source: Ponemon Institute
PRINTED COPY FOR PERSONAL READING ONLY.
NOT FOR DISTRIBUTION