Data breaches, computer attacks, and identity theft are usually not on the top of small business owners list of concerns.
They are thought to be unimportant because data thieves and data breaches “always happened to the big guys, like Target or the IRS.” In reality, small business owners have been the primary target of data thieves over the last four years. Since 2015 alone, over half of the cyber attacks worldwide were against businesses with less than 250 employees.
Cyber threats are real. Below we have listed out four major reasons that small business need to incorporate cyber protection into their commercial insurance plan.
Four reasons why cyber coverage is essential.
Small businesses may think they don’t have information that cyber criminals want. However, small businesses accept credit card payments, collect and maintain personal information on their employees and customers, have websites, and do online banking. Each of these activities create opportunities for cyber criminals to obtain the type of information they are looking for.
Cyber criminals understand that small businesses have fewer resources to invest in proper data protection and security controls, making them an attractive target. In 2016, Nationwide conducted a survey of 500 small businesses. This survey revealed that nearly 80% of these businesses do not have a data breach plan. Over half of these businesses have experienced at least one data breach. It can take up to a year to recover from a cyber-attack.
Once a breach occurs and sensitive information is stolen, it is very unlikely that the targeted small business will have a viable source of resources to comply with the vast variety of legal requirements provided by the state. Each state has their own set of specific laws in the event of a cyber-attack.
Some can require you to notify each affected individual within a specific time frame. Some states require this notification to come via mail, while some require a verbal confirmation. Several states require the small business to provide free credit monitoring to affected individuals for a specific duration of time. A call center might be required to answer questions from the affected parties.
Therefore, each breach of sensitive information may require several different state laws to determine the appropriate response. If these laws aren’t followed, a small business can be hit with large fines, suffer losses in productivity, and face many challenges.
Therefore, we encourage our business owners to add Data Compromise coverage on to their small business policies. This coverage will give you full access to a helpline staffed by trained experts ready to assist with any type of data breach.
It’s not just about cyber criminals hacking into a small business’s computer system. A lost or stolen laptop containing unencrypted sensitive information may trigger breach notification laws. Even sensitive information contained in paper files poses a risk.
Thieves can go through garbage in search of financial statements, or receipts and documents with personal information. An office can be burglarized and may find paper files missing that contain tax records, bank accounts or social security numbers. The thief could even be a disgruntled employee. Data Compromise coverage will respond to expenses associated with the loss of third-party information as well as that of employees and owners.
In additional to Data Compromise coverage, we also advise our small business owners add Identity Recovery coverage to their policies. This coverage will apply to key individuals, owners, employees, and resident family members. It will give them further assistance should their identity be stolen.
In addition to stealing information directly from a small business, they can be a gateway for hackers to access the systems of its large suppliers, customers or banks. Such was the case with the Target Corporation breach, whereby hackers targeted a small contractor business whose networks were directly connected to Target’s. Upon obtaining an employee’s credentials via a phishing email, the hackers used that to gain entry to Target’s systems completely undetected.
Cyber coverage is intended to provide defense and settlement costs for similar situations. A small to mid-sized business could also unintentionally forward a virus or malware to a supplier or customer. This could cause the third party’s website to go down resulting in loss of income. Cyber coverage would not only cover the third party’s loss of income claim, but also for the small business itself. Coverage would also provide assistance on repairing or restoring computer systems damaged during the breach.
Make sure your small business is covered. Ask our advisors about policy updates to your commercial coverage.
June 05, 2017
by John Connor