By Ed Burke, Dennis K. Burke Inc.
Data Breach is one of the fastest growing crimes in America, and the huge increase in high-profile data breaches should be a loud wake-up call for all business owners – big and small.
In the past, we may have been complacent about the risks posed by data breaches and cyber attacks. But, with data breaches happening more frequently, along with compliance issues and the costs associated to remedy a breach, we have to look at IT security as a larger business risk. For that reason, many small businesses are looking at cyber insurance as an option.
While the highly publicized breaches with millions of records stolen make the nightly news, thousands of other breaches also occurred at small businesses, resulting in the theft of hundreds of millions of records with personal identifiable information. A breach could affect the release and misuse of social security numbers, credit card information, banking information, and other confidential business and customer records.
There are regulatory requirements that need to be met when a breach occurs. Data breach notification laws, typically require a company that has been subject to a breach to inform all affected parties and take other steps to remedy possible damages. The cost to meet these requirements could be considerable.
A breach could cause an interruption in business and inflict serious damage to brand reputation. Public relations costs to help in recovery from this type of crime are rarely considered until after the fact.
The Costs from a Data Breach
The average cost paid for each lost or stolen record containing sensitive and confidential information increased 6 percent, jumping from $145 in 2014 to $154 in 2015. It’s interesting to note that the lowest cost per lost or stolen record is in the transportation industry, at $121, and the public sector, at $68. The retail industry’s average cost increased dramatically, from $105 last year to $165.
That’s according to IBM and Ponemon Institute’s 2015 Cost of Data Breach Study: Global Analysis. According to their research, the average total cost of a data breach for companies participating in the study increased 23 percent over the past two years to $3.79 million.
The study points out that lost business has potentially the most severe financial consequences for an organization. The growing awareness of identity theft and consumers’ concerns about the security of their personal data following a breach has contributed to the increase in lost business.
They looked at the likelihood of a company having another data breach within the next 24 months. Based on the experiences of participating companies, the researchers found that the probability of a data breach can be predicted based on two factors: how many records were lost or stolen and the company’s industry.
The study also examined two factors that affected the financial consequences of a data breach. They found the first is executive decisions in their company’s IT security strategy and response to data breaches. The second is the purchase of cyber insurance to mitigate the cost of a data breach.
Buying Cyber Insurance
Businesses can manage these risks with services and coverage options that fall under the umbrella of cyber insurance or data breach insurance.
Notification expenses coverage provides expenses associated with mailings informing all affected parties of the breach. They sometimes include services to impacted individuals such as credit monitoring, a help line and identity restoration case management.
Legal and forensic services coverage provides the legal expenses for ensuring that the business is in compliance with all necessary regulations. It covers forensic investigation involved in proving that there was a breach, and how best to respond. They typically provide access to data security resources for your business.
Monitoring services coverage provides all related expenses for installing security alert systems utilized as breach and fraud preventative tools.
Third-party defense and liability coverage provides expenses related to settlements, civil awards, and judgments for which the business has been found liable.
Good faith advertising expenses coverage provides expenses to publicly address the issue of the breach.
Crisis management coverage provides expenses related to informing customers and other affected parties of the breach. It also covers the expenses for any campaigns aimed at rebuilding the business’ reputation.
Every day we’re generating, processing and saving data – that’s what businesses do. The transition from a network-centric security to a data-centric security is a significant cultural shift for most companies. We can see data protection is fundamentally a business challenge in addition to being an IT challenge. Small businesses need to be prepared to address the day-to-day risks of cyber attacks, and utilize services that mitigate these data security threats.