Virtually every business out there has cyber-attack exposure, and many of them don’t believe it. Back when Cyber Coverage first got its legs, we spent most of our time talking about a data breach which is an event tied to personally identifiable information. Now there are various other cyber threats to worry about, but let’s focus on data breaches for a moment.
Anywhere that takes credit cards has client data, even the little coffee shop on the corner. The coffee shop owner would never believe he has a cyber exposure or a data breach exposure. I would say that that guy probably has a bigger exposure than most businesses because he’s taking credit cards, including possibly from people from other states. He doesn’t know who wanders through there.
When you hand that credit card to somebody or swipe it in their system, you’re entrusting it to them. They are responsible should there be a breach. That’s often where I start the conversation with people to say that it happens that easily. A poor coffee shop owner would get a shock if a breach occurred, even if it’s on the processing end with a processor. Nobody entrusted that credit card to the processor. They entrusted it to the coffee shop. When he finds out that the data breach hit people from eight or ten different states, now he better go find out what his obligations are in each one of those states.
To the coffee shop owner, I would say that you have a serious exposure you weren’t even aware of.