How expensive is investing in data security? Ask the executives at WellPoint Inc. The insurance company was recently fined $1.7 million by the U.S. Department of Health and Human Services (HHS) for leaving data on 612,400 customers potentially exposed, in violation of the Health Insurance Portability and Accountability Act (HIPAA). The HHS says that WellPoint did not adequately implement policies and procedures for authorizing access to an online application database and did not put adequate identity safeguards in place.

While health insurers have an extra layer of government mandates, insurance companies of all types may eventually find it's more expensive to pay for breaches after the fact than to take preventive measures. A recent study from Ponemon Institute and Symantec puts the average cost of a data breach within the United States at $188 per affected record. The number of breached records per incident this year ranged from 2,300 records to more than 99,000 records, Ponemon says. In 2013, the average per incident settled at 23,647. Therefore, it can be surmised that the average cost of a security incident for a U.S. company was more than $4.4 million.

Register or login for access to this item and much more

All Digital Insurance content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access