Whatever the cause of the breach, the result is the same--anxious victims, unexpected business costs and potential harm to a company's brand and reputation. While notification and related costs can be onerous for a large business, they can devastate a smaller company. Often, smaller companies don't have a plan to deal with a data breach and don't have access to specialists and the concentrated resources needed for a fast response.

The failure to respond in a timely manner and provide assistance to victims of the breach makes the situation worse. Early notification of breached personal information may significantly lower the rate of misuse. Customers, clients and others expect assistance to prevent identity theft and fraud, and services if they become victims. Not meeting those expectations can result in lost business and damage a company's image.

There are also legal penalties for a slow or inadequate response. As of July 1, 2008, 44 states plus the District of Columbia and Puerto Rico have enacted legislation requiring notification of security breaches involving personal, nonpublic information that the business controls. Generally, these laws mandate expedient notification "without unreasonable delay," and many impose civil or criminal penalties for failure to promptly disclose. Federal legislation is also pending.

Fast, professional response
With so much at stake, data compromise coverage has become an important part of business insurance, enabling smaller businesses to provide a fast, professional response, similar to that offered by large corporations. Coverage and services typically include:

o Legal review of statutory obligations, which vary by state and circumstance
o Forensic information support to determine the nature and scope of the breach, and to identify the individuals affected and the means available to notify them
o Preparation and production of notifications and call center support
o Credit monitoring for persons affected
o Identity restoration case management and other personal services for victims of identity theft that occurred because of the data breach

Insurance professionals face their own challenges
Even as insurers create new products to meet changing needs, they face challenges of their own. Data has already been breached at several insurance agencies, with some cases involving thousands of people. Brokers, agents and other insurance professionals must take steps to protect their data and that of their clients.

Claims data is extremely sensitive and requires careful handling. New questions arise, such as: How will an identity theft claim be adjusted? How much information is needed? The personal information of potential victims can't simply be faxed and dropped inside an inbox. Agents, brokers and other professionals must follow careful security procedures.

Insurers must also take action to protect against fraud. They may unknowingly issue policies to people who are not who they claim to be. Worse, they may issue claim payments to imposters.

Every day, thieves and rogue employees devise new ways to infiltrate businesses and misappropriate data. Information is lost, misplaced and transmitted inadvertently. The challenge for the insurance industry is to develop new programs while protecting the integrity of all the data they handle.

With recently polled corporate managers citing data breaches as their No. 1 concern, data compromise coverage will continue to expand and become more innovative to meet the growing demand.