“It won’t happen to me”. This is the way most small businesses manage their risk of Data Breach. 55% of the small businesses surveyed by the Ponemon Institute had suffered a Data Breach and 53% had already suffered multiple Data Breaches. Only one-third of the businesses had properly notified the affected individuals about the exposure of their personal information.
The easy targets for thieves are small businesses. Unfortunately, few small business owners know how to respond to the laws in their state regarding data breach and the requirement for notification and credit monitoring. In addition, in many cases, along with the data breach comes bad publicity and harm to the reputation of the business.
Most of the data breach problems come from employee errors, stolen computers, and loss of media storage equipment. The loss can also come to the “old school” business from the disappearance of paper files as well. Before you get rid of that old photocopier, make sure the memory was completely cleaned…
Most business owners that accept credit cards believe that any breach problem involving a credit card would be the problem of the processing vendor. Unfortunately, the customer provided the personal information to the business owner and the business is responsible should there be a breach.
Proper procedures, system security, and limitations on access can help to minimize the problem, however, often simple mistakes unwittingly expose sensitive information and trigger the statutory notification requirements. The average cost of a data breach is $204 for each record.
The good news is that there is insurance for these problems. In some cases, a limited Data Breach coverage can be added to your existing Commercial Package policy. The business can receive help to notify the individuals (which cannot normally be done by email), set up credit monitoring for the affected individuals, and get help to manage the negative publicity that comes when the public learns about the breach. This type of problem can ruin a business.
A Data Breach can be extremely expensive and damaging to a business, however, this is only part of the problem. Another Cyber area is the loss of Digital Assets which can result in both a disruption of the business and a significant loss of business income not normally covered by the standard business policy. Please don’t overlook this part of your business.
Be sure that you secure your insurance coverage with an insurance professional that is working in your best interest. Garland-Sturges & Quirk.