Target. Equifax. Yahoo. You’ve heard about these big corporate data breaches. But you’re a small business. Who’s going to attack you?
The reality is that the media may pay more attention to the big guys, but the business at highest risk of data and cyber trouble is yours. According to the Ponemon Institute’s 2017 Cost of Data Breach Study, data breaches currently hit 35% of large businesses, 22% of medium businesses, and 43% of small businesses.
In fact, 31% of all breaches happen to organizations with fewer than 100 employees (Verizon 2013 Data Breach Investigation Report). And 60% of small businesses that have a breach are out of business in six months.
If any of the following statements describe your business practices, you are a target:
- Your business has a website that interacts with the public
- Your business conducts any portion of business online
- Your business has customer information stored digitally
- Your business has data handled by a third party online, such as credit card processing or a cloud-based contact database
So how does a breach happen?
Unfortunately, breaches happen far too easily and are often out of your control. According to one of the largest insurance carriers, which has handled thousands of breaches, 51% of breaches come from employees, independent contractors, and interns. Next, 43% of breaches come from criminal groups, hackers, former employees, and government entities. Finally, 6% of breaches come from suppliers, vendors, outsourced IT, and hosting providers.
What could a breach realistically cost my business?
From attorney fees, forensic investigations, notification letters, credit monitoring, and more, the costs of a single data breach can be staggering. The Ponemon Institute found the 2017 average cost of a breach was $141 per record, actually slightly lower than 2016. However, your realistic cost depends greatly on which industry you operate in.
The average out-of-pocket cost of a breach for a business in the healthcare industry, the most costly of any industry, was a staggering $380 per record. So, for example, if your healthcare business had 1,000 client records compromised by a breach, your cost could easily be $380,000. In addition, HIPAA fines and penalties can be as much as $1.5 million.
Unfortunately, most businesses today that do not have a cyber policy in place and are hit with a sizable breach are unable to survive. Are you prepared for the cost?
But I have business insurance:
General business and liability insurance won’t adequately cover a data breach. In 2014, general liability and umbrella policies across the industry made changes, adding exclusions for cyber crime.
General policies do not cover the two most common costs of a breach:
- Fines and penalties
- Notification costs
The good news is, because of the increase in data breaches around the world, insurance options have increased and the cost of coverage has decreased. “Now, there are probably 80 different markets out there that have cyber products,” according to David Lewison, Senior Vice President Professional Lines and national practice leader for AmWINS Group, in The Insurance Journal (November 6, 2017). David goes on to share that pricing for cyber coverage overall has trended down every year for the past few years, and he doesn’t see premiums going up anytime soon.
In my next article in this series, I’ll explain what a “breach” is and where it could come from. (I’ll give you a hint: malicious hackers are only one possible risk.)
The bottom line is, if you have a business – especially a small business – that holds any kind of client information either on your computer or in the cloud, you’re at risk. We can plan for and manage the cost of that risk with cyber insurance – saving you, and your business, for years to come.
Cyber Security #2 – More Than Hacking - Understanding What a Data Breach Is and Where it Comes From
Cyber Security #3 – 6 Keys to the Right Cyber Protection for You – coming soon