[Editor’s Note: This article was first published on the TCEA TechNotes blog.]
Have you read the latest newsflash? School district data breaches are on the rise, and your school district’s student information system (SIS) data could be a prime target for hackers. The SIS contains records of minors, representing an unexploited, potential victim. Identity thieves are sharpening their digital knives for the feast. Let’s explore this topic from a cyber liability insurance perspective.
Framing the discussion
Keep these questions in mind as we step through this relevant topic.
- What is cyber liability insurance and how does it work?
- Are there any laws about the management of student and employee records?
- How susceptible is my school district to a data breach?
- How can my district mitigate the risks of a data breach?
What is cyber liability?
Are you looking for an insurance policy designed to manage risks and costs associated with a data breach? Most providers have recognized the growing threat and now offer a policy known as Cyber Liability Insurance Coverage (CLIC). Did you know that the average cost of data-breach mitigation is $245 per record, which is $45 dollars higher than the worldwide average according to a study by the Ponemon Institute. Ask your school district insurance provider for a rider or enhancement. Learn more about cyber coverage.
What factors into the cost of a data breach?
This education sector cost takes the following factors into consideration:
Investigation – After a breach, affected parties take several actions. Those actions include a detailed forensic analysis that facilitates identification of three things. The first is how the breach occurred. The second is the number of records affected. The third is how to prevent the breach from happening again. To achieve this, there must be involvement from a third-party security firm and coordination with law enforcement.
Business loss – These are costs associated with data loss recovery, potential district closure, crisis management, and repairing reputation damage.
Privacy and notification – Notifying affected people of a breach can be expensive. You must notify students, parents, staff, and the community. What’s more, credit monitoring may be an extra cost. Those who suffered data loss or theft would typically receive this credit monitoring at no charge to themselves.
Lawsuits and fines – Your organization will incur legal expenses (e.g., lawsuits, settlements) and possibly regulatory fines. Your district may even have to pay cyber extortion in the case of ransomware.
As mentioned, the cost of legal expenses plays a big part.
Did you know you must inform affected parties of a security breach? If a security breach compromises private data, you must say so per the Texas Identity Theft Enforcement and Protection Act. What’s more, you may face fines at $100 per record/per day up to $250,000 per breach.
Need to know more about the law? Check out the National Conference of State Legislatures’ Student Data Privacy page, which lists detail about state policy approaches.