One of the biggest roadblocks to the emergence of Data Privacy insurance is it’s cost. I believe the challenge in pricing the coverage correctly comes from the underwriters difficulty in grasping the overall data and network security of a business. In talking with businesses, it quickly became clear to me that there were a few characteristics that set a business apart from it’s neighbor in the area of data security. If I can find enough businesses that demonstrate those cahracteristics, I believe we can estable a “premiere” risk class and get competitive pricing on data privacy insurance.
I met with one of those “premiere” risks today and wanted to point out a few of the characteristics that makes them a leader in Healthcare IT Security.
- They have software in place that will detect any rogue wireless access point
- The have policies and procedures when any change is made to a firewall, router, or other piece of network hardware
- All systems are scanned on a weekly basis and they hire a 3rd party to attempt to penetrate various systems on a continuous basis
- Employees are trained annually on protecting sensitive information
- Their data is all stored and backed up in a Tier 2 data center which will become a Tier 3 center in the next year
These are just a few things that I believe a business can do to help establish themselves as a “premiere” data privacy insurance risk.