“It won’t happen to me”. This is the way most small businesses manage their risk of Data Breach. 55% of the small businesses surveyed by the Ponemon Institute had suffered a Data Breach and 53% had already suffered multiple Data Breaches. Only one third of the business had properly notified the affected individuals about the exposure of their personal information.
The easy targets for thieves are small businesses. Unfortunately few small business owners know how to respond to the laws in their state regarding data breach and the requirement for notification and credit monitoring. In addition, in many cases, along with the data breach comes bad publicity and harm to the reputation of the business.
Most of the data breach problems come from employee errors, stolen computers and loss of media storage equipment. The loss can also come to the “old school” business from the disappearance of paper files. Before you get rid of that old photo copier, make sure the memory was completely cleaned…
Most business owners that accept credit cards believe that any breach problem involving a credit card would be the problem of the processing vendor. Unfortunately, the customer provided the personal information to the business owner and the business is responsible should there be a breach.
Proper procedures, system security and limitations on access can help to minimize the problem however, often simple mistakes unwittingly expose sensitive information and trigger the statutory notification requirements. The average cost of a data breach is $204 for each record.
The good news is that there is insurance for these problems. In some cases, a limited Data Breach coverage can be added to your existing Commercial Package policy. The business can receive help to notify the individuals (cannot be done by email), set up credit monitoring for the affected individuals, and get help to manage the negative publicity that comes when the public learns about the breach. This type of problem can ruin a business.
A Data Breach can be extremely expensive and damaging to a business however, this is only part of the problem. Loss of digital assets can result in a disruption of the business and a significant loss of business income which would normally not be covered by the standard business policy – call your agent to discuss.