Op/ed: Cyber crimes and data breaches are not just the problems of big companies
By Steve Brooks on January 27, 2012
When a company such as Sony or a government agency such as the Department of Veterans Affairs falls victim to a data breach, it becomes national news. The attention is warranted since the numbers of personal records affected can be astounding. The attention also warns those affected to take caution and to monitor accounts. However, the reporting of cyber crimes being committed against smaller companies rarely makes the evening news, even though it is escalating at an alarming rate.
According to a study conducted by Verizon and the U.S. Secret Service, in 2010 a whopping 63 percent of cyber attacks occurred in businesses with fewer than 100 employees. This was a massive increase from 2009, when attacks on small businesses comprised only 27 percent of the data breaches.
Today, small-business owners are facing a growing number of hurdles in protecting their comapnies from such attacks. The first is a difficulty in affording the level of cyber protection companies such as Sony or Visa may employ (and obviously, these companies don’t have bulletproof safeguards either). And while smaller businesses do have fewer employees, making the threat of a lost or stolen computer proportionally smaller, the fact remains that a lost or stolen laptop can have devastating consequences on a small business. The fall-out can include not only your sustained personal business losses, but potential lawsuits, fines and penalties stemming from third-party losses your business can ultimately be held liable for.
According to The Open Security Foundation and the Data Loss Database (www.datalossdb.org), publicly reported data breaches affected more than 125 million records in 2011 alone. Moreover of the 369 publicly reported incidents, 160 were business breaches, with medical breaches a distant second at 105. That means that businesses are the prime targets of hackers and opportunists looking to commit cyber crimes.
It’s not surprising that insurance companies have taken notice of the increase in cyber crimes, and in most instances now specifically state that data and technology are excluded from their business insurance policies. Moreover, insurance companies have deemed particular businesses “high risk.” This means that unless you’ve purchased cyber-liability which comes in various forms, and at various premiums — and you happen to be a retailer, wholesaler, accounting firm, property management or real estate company, e-commerce company, law firm, or health care business — your data and technology is almost certainly not covered.
Consider you’re a clothing boutique owner. You store not only sensitive client information including credit card numbers on your computer, but you also store all of your business information on your computer. Should this computer be lost, or even hacked, you can be held liable to damages incurred by your clients (to say nothing of your own business identity theft).
In an even more innocuous case, consider you have 12 employees at your accounting firm. Your computer system is hacked. Unbeknownst to you, a virus has been sent attached to an email you send to a corporate client. As unimaginable as it sounds, should that email virus cause any disruption of business for that client, you can be held financially responsible for their loss of productivity, sales and wages.
Sounds like something from a movie, doesn’t it? Unfortunately, it is reality, and the numbers of businesses and individuals suffering as a result of the continuing climb in cyber crime don’t lie. But what they do offer is a reminder of just how diligent we need to be in protecting not only the welfare of our own businesses, but of the privacy of our valuable clients and customers.
Just as auto insurance won’t protect you from an automobile accident, neither will cyber liability insurance — which is a relatively new form of business coverage — protect your small business from cyber crime. But it can protect you from lawsuits stemming from personal information being stolen. It will also offset the high cost of having to notify everyone in your database or anyone who may have been affected by the breach, as required by law.
• Steve Brooks is president of B & B Premier Insurance Solutions, an independent insurance agency in Southern California. Contact him at (805) 496-4819 ext. 212 or firstname.lastname@example.org.