Online learning comes with its own risks, insurance needs
Since 2005, U.S. schools have lost 24.5 million records in data breaches.
Any school reopening plan that includes digital learning comes with the risk of exposing student data. In New Palestine, Indiana, a cyberattack on the local school district’s internet network in early August prevented online learning from taking place for two days during the first week of school. Officials were still investigating the source of the attack, which affected more than 4,000 students. Cyber and privacy insurance can help K-12 schools and colleges strengthen their cyber protocols and pay for the cost of a cyberattack.
“Technology is great, but there are a lot of challenges,” said Matthew Lefchik, director, cyber risk management at Node International, including the Personally Identifiable Information (PII) an online learning platform may utilize such as a student’s name, date of birth, address and grade level. “You are giving out more information about your family, and it becomes a cookie trail. You may think that because it is through a private school or public school, it cannot be compromised, but unfortunately, it can.”
The average cost for data breaches in the U.S. education industry was $245 per lost record in 2017 — a figure that may be closer to $300 or $400 in some cases, Lefchik added. One report found that since 2005, U.S. schools have lost 24.5 million records in data breaches. In addition to the cost per record, schools must pay for forensic investigations into the breach, potential ransomware costs, business interruption, mitigation expenses and legal fees. While many schools are struggling financially, the potential cost of a data breach makes data and privacy insurance even more vital.
“It is outweighed by the cost of what you are trying to mitigate,” Lefchik said. “These attacks are starting to occur more often, and the costs have been rising. Even the schools that have the most stringent policies, someone within their own network could configure something wrong. A lot of things are being cut right now, but imagine the business interruption of one day or one month of no access to your database.”
Responding to a cyber breach with cyber and privacy insurance should be the “last line of defense” for schools, which should have strong prevention and detection procedures in place — both of which are value-added services in conjunction with a cybersecurity policy. “Schools right now are setting up all of these protocols with class sizes and scheduling, and the same amount of protocols should be applied within cyber risk,” Lefchik said. “They are so overwhelmed with the pandemic questions; they may not be thinking about cyber risk and how it quantifies.”
Heather Schaaf is underwriting director at Burns & Wilcox. A version of this article originally appeared on the Burns & Wilcox website and is republished here with consent.
Related: