Cyber Bytes

Sep 16, 2013

Cyber Attacks Continue to Rise.

In Advisen's 2nd quarter D&O claims trends report there was a section devoted to Cyber threats.

The report emphasized "Cyber attacks can expose businesses to catastrophic losses. Class action lawsuits, breach notification costs and reputational damages are only a few of the costly consequences. These losses, in the most severe cases, can lead to bankruptcy, and depending on the size and nature of the company, could have broader economic and national security implications. For this reason, federal and state governments are taking an increasingly active role in addressing the cyber issues faced by the private sector. Cyber risks are complex and constantly evolving, but as corporate leaders it is important that directors and officers attain at least a basic understanding of the threats and the potential impacts they may have on their organizations."

Jeanine Loomis, one of our in-house D&O experts, offers her thoughts on the subject:

"As we continue to see organizations experience Denial of Service attacks and Cyber/Privacy breaches, a Board of Directors should be well advised on the availability of both robust D&O and Cyber/Liability programs. We are seeing insurance carriers taking firm coverage stances on their traditional liability programs in an attempt to not cover Cyber/Privacy claims. An organization should consider buying both broad form D&O and Cyber/Privacy policies that can help them respond to the breach itself as well as the different types of litigation that can arise from an event."

S.H. Smith & Company has been a leader in the Cyber, Security & Privacy Insurance arena since the inception of the coverage. We employ the foremost experts for Cyber, Security & Privacy Insurance in the industry. Because of the expertise of our brokers and the long established reputation of S.H. Smith & Company, our carrier partners grant us coverage enhancements that no other wholesaler can offer. This is more than merely a selling point for S.H. Smith & Company, it is a source of pride as we value our customers and derive a great deal of dignity being able to offer them the very best product available; our customers sleep soundly at night knowing this.

We invite you to contact one of our Cyber, Security & Privacy experts today to learn more about our available solutions, get started on a quote, or to learn more about S.H. Smith & Company's full spectrum of insurance capabilities. In any event, we look forward to acquainting you with the S.H. Smith & Company difference: Our service expectations are not met until yours have been exceeded.



Apr 03, 2013

Data Breach Claims Scenarios: Education

Educational Institutions that have taken the appropriate measures before a breach event occurs can minimize the damage. Here you will find some recent examples of Educational Privacy claims scenarios.

Cornell University (Ithaca, NY) – Names and Social Security numbers of nearly 2,000 people associated with Cornell were publicly available for five days. The information was on a computer in Cornell's athletics department and was accidentally placed online.
Source: Media

University of Georgia (Athens, GA) – The passwords of 2 UGA IT employees were reset and misused by a hacker. Names, Social Security numbers, and other sensitive data of current and former school employees (8,500 students in all) may have been exposed.
Source: Media

Multi-University Breach (United States & International) – The University of Texas, University of Colorado, University of Pennsylvania, Duke University, Rutgers University, University of Pittsburgh, University of Florida, Case Western Reserve University, Texas A&M University, Boston University, Purdue University, University of Arizona, Arizona State University, University of Utah, and additional universities were affected. Universities outside of the United States were also affected. A hacking group called Team GhostShell targeted universities around the world. A total of 53 universities were affected. Most of the data exposed was publicly available, but student, staff, and faculty usernames and passwords were also exposed. It is unclear if any financial information or Social Security numbers were taken from universities.

Yale University (New Haven, CT) – Hackers accessed at least one Yale database and obtained the details of 1,200 students and staff. Hackers may have obtained names, Social Security numbers, addresses, and phone numbers. Additionally, usernames, passwords, and email addresses were published as proof of the hack.

Grimmer Middle School (Schererville, IN) – A hacker or hackers accessed faculty and staff usernames, email addresses, and passwords. The information was then posted online.
Source: Dataloss DB

Housatonic Community College (Bridgeport, CT) – Two campus computers were determined to have been infected by malware. The breach occurred when a faculty or staff member opened an email that contained a virus. Faculty, staff, and students affiliated with the school between the early 1990s and the day of the breach – an estimated 87,667 people – may have had their names, Social Security numbers, dates of birth, and addresses exposed. Housatonic's president acknowledged that the cost of handling the breach could be as much as $500,000.
Source: Dataloss DB

Columbia University (New York, NY) – A programmer erroneously saved an internal test file onto a public server in January 2010. Current and former employees had their names, Social Security numbers, addresses, and bank account numbers available on the internet from January 2010 until April of 2012. A total of 3,000 current and former employees were affected, but an additional 500 sole proprietors were also affected.
Source: Dataloss DB

Holy Family University (Pennsylvania) – A hacker accessed the database information of Holy Family University and posted the information online. The leaked data included a table with 12 usernames and encrypted passwords. Proprietors were also affected. 
Source: Dataloss DB


Contact us so we can help you find out potential exposures and security coverage gaps.


Oct 03, 2012

Never say never: No organization is immune to cyber security threats.

September saw the release of the much anticipated Deloitte Security Study. 40% of the 46 major insurers have suffered at least one security breach in the last year according to Deloitte's 2012 Global Financial Services Industry Security Study. As a result, Cyber Security has become a top priority for the financial services industry.

Betty Shepherd, Vice President and Cyber, Security & Privacy expert at S.H. Smith & Company notes, "With the continued growth of data breaches experienced by financial institutions, we should see a continued growth in the need for cyber risk insurance in this industry segment."


Read the full '2012 DTTL Global Financial Services Industry Security Study' by clicking here.

S.H. Smith & Company employs the absolute brightest and most experienced Cyber, Security & Privacy experts in the industry so that you do not have to. We have been placing Cyber, Security & Privacy liability since its inception; in fact, some of the most widely used Cyber, Security & Privacy policies were conceived and written by our in-house experts. When it comes to underwriting trends, we set them rather than follow. Contact one of our Cyber, Security & Privacy experts to learn more about our full spectrum of capabilities.


Sep 18, 2012

New Ponemon Institute Study addresses Small Healthcare Organizations and Data Security

Small healthcare organizations are obligated to protect patient health information and comply with the requirements of the Health Insurance Portability and Accountability Act (HIPAA), as well as other healthcare regulations. Organizations, such as physician & dentist offices, home healthcare services, clinics and nursing care facilities, are exposed to these regulations and failure to comply with HIPAA or other regulations can result in steep fines that can cripple a small healthcare organization.

The Ponemon Institute conducted a study, sponsored by MegaPath, to understand the problems faced by small healthcare organizations and their attempts to safeguard “personal information” and “patient health information”. The Data Security in Small Healthcare Organizations study surveyed over 700 IT and Administrative employees in organizations with 250 or fewer employees. Below are some of the key findings of this recent study:

  • 91% have had at least one data breach and 23% say their organizations experienced at least one patient medical identity theft incident
  • 70% of respondents agree that their organizations do not have or are unsure their organizations have sufficient funding to achieve proper governance, risk management and compliance requirements
  • 35% of respondents say no one person has overall responsibility for protecting patient health information
  • Patient information is most often in paper documents as opposed to electronic storage
  • Governance and control procedures are considered more effective than the technologies they currently use
  • 48% of respondents say less than 10% of their organizations' budget or annual spending is dedicated to data security technologies

This study clearly indicates that data breaches are prevalent in smaller healthcare organizations and they are in need of improved data protection and risk management in order to be in compliance with the various data protection regulations. In addition, it would be important for these organizations to consider transferring some of the risk to a Cyber/Privacy Insurance policy to provide them with the protection they need in order to comply with breach notification laws and potential regulatory fines for non-compliance.



Cyber Bytes is S.H. Smith & Company's Cyber, Security & Privacy blog – written by the experts you trust.


Betty Shepherd and Jeanine Loomis are experts in the field of Cyber, Security, & Privacy. Combined, they have over 40 years' experience writing Cyber, Security & Privacy Liability policies.


With over three decades of experience as an IT Manager/Security Expert, Gene Barnes is intimately acquainted with the cyber threats that today's business owners face.