Creating a “Premiere” Risk Class

June 1, 2009

One of the biggest roadblocks to the emergence of Data Privacy insurance is it’s cost.  I believe the challenge in pricing the coverage correctly comes from the underwriters difficulty in grasping the overall data and network security of a business.  In talking with businesses, it quickly became clear to me that there were a few characteristics that set a business apart from it’s neighbor in the area of data security.  If I can find enough businesses that demonstrate those cahracteristics, I believe we can estable a “premiere” risk class and get competitive pricing on data privacy insurance.  

I met with one of those “premiere” risks today and wanted to point out a few of the characteristics that makes them a leader in Healthcare IT Security.  

  • They have software in place that will detect any rogue wireless access point
  • The have policies and procedures when any change is made to a firewall, router, or other piece of network hardware
  • All systems are scanned on a weekly basis and they hire a 3rd party to attempt to penetrate various systems on a continuous basis
  • Employees are trained annually on protecting sensitive information
  • Their data is all stored and backed up in a Tier 2 data center which will become a Tier 3 center in the next year

These are just a few things that I believe a business can do to help establish themselves as a “premiere” data privacy insurance risk.