Data breaches make the news when big retail chains get hit with a cyber attack. You may even be notified of the breach by the retailer if they have reason to believe your data was compromised. Or, you may read about data breaches when you receive a new credit card or are offered identity theft protection.
What you might not hear about are the cases where a business owner goes bankrupt after a data breach. A 2012 study by the National Cyber Security Alliance found that 60 percent of small to midsize businesses that suffered a breach went out of business within six months.
FIRST LINE OF DEFENSEYour first line of defense as a business owner is to educate yourself on how to prevent or mitigate a breach. Follow news reports, and take advantage of online materials available to help you prepare for and respond to cyber attacks.
SECOND LINE OF DEFENSEYour local independent insurance agent could be your second line of defense, providing information about Internet exposures and insurance products. Any business that handles private information is at risk of breach and subject to cyber exposures. Private information includes personal identifiers (Social Security numbers, birth dates, driver’s license numbers, etc.), financial information (bank or investment accounts, credit cards, etc.), medical or medical claim history, employee personal data or student records.
Companies that use third parties to process their transactions or record keeping, such as payroll, employee benefits or billing, also have the potential for a cyber loss. Consider the possibility of that third party experiencing a data breach where you might be ultimately responsible for the breached records.
WHY BUY CYBER INSURANCE?Cyber insurance can reimburse for expenses incurred such as:
-Breach notification law compliance – 47 states have data breach notification laws that include an obligation to notify those whose information has been breached and certain federal laws, such as HIPAA, may also require similar notifications.
-Breach response costs – for example, notifying and providing services to affected individuals
-Opportunity costs and out-of-pocket expenses involved in resolving identity theft problems for business owners and customers
-Damage to the business computer systems and data due to unauthorized access, hacking, malware or denial of service attacks.
Remember, data comes in all forms, paper and electronic, and business owners need to protect data to manage risk.