One of the coverages that more and more insurance companies are starting to offer is data breach coverage. Each insurance company has a different name or endorsement for it but it basically covers the same thing. Hartford was one of my first companies that offered it and I am using material from their website below to help define and explain it. Hackers and thieves have different ways to cause you problems. They can hack into your media accounts and post harmful or misleadings posts, steal lists of you clients with personal information, or steal credit card and banking information on you or your clients. The coverage for the data breach coverage isn’t always cheap, but it is cheaper than paying for a big breach on your own. I have recieved quotes from $150 to $1,000 a year. I have read different articles that state it costs between $5 and $10 per person for the notifications to your clients that their information may have been stolen. If you have a 1,000 clients that gets expensive fast. Coverage rates are based on your industry and the size of your business. Different industries have different exposures. Retail stores typically have credit card information and maybe name and address. Medical offices have personal health information along with name, DOB, SSN, health insurance information, and some credit card information. The more information you have equals the more risk and exposure you are, the more it costs to get the coverage.
Data Breach Defined
Loss, theft, accidental release or publication of Personally Identifiable Information (PII) including:
- Social security number
- Bank account number
- Credit or debit card numbers
- Driver’s license number
- Patient history and medications
Common Causes of Data Breach
- Computer hacking
- Stolen or lost laptop, smart phone, disc, flash drives
- Stolen or lost paper documents and files
- Stolen credit card information
- Employee error or oversight
Although the large companies make the headlines, small businesses represent a large percentage of data breach incidents investigated. According to the Verizon 2013 Data Breach Investigations Report (DBIR), organizations with fewer than 100 employees comprised 31% of data breach incidents investigated in 2012.1
Our society’s growing dependence on the Internet has made us increasingly vulnerable to cyber attacks. Hackers are finding ever more sophisticated ways to disrupt online service, access money and steal sensitive business and customer information. Sometimes their targets don’t realize that they’ve been victimized until much later, if ever
Small Business Cyber Threats
Hackers specialize in exploiting vulnerabilities. Poor password protection, an unsecure wireless (WiFi) network and outdated system software each present opportunities to cyber criminals seeking access to information. There are many other tactics in the hacker’s toolbox, such as:
- Phishing: You receive an email or instant message with an attachment or link to a website. Once you open the attachment or follow the link, malware (short for malicious software) opens up, gives the hacker access to your computer and then spreads across the company’s entire network. The Department of Homeland Security’s publication, Avoiding Social Engineering and Phishing Attacks, provides more information on phishing attacks and how to avoid them.
- Infected USB keys: Be cautious of USB keys from strangers. It’s another way hackers target unsuspecting victims – for instance, by slipping a batch of keys containing malware in with legitimate handouts at an industry conference. If you’re unfortunate enough to be on the receiving end, your computer opens up to the hacker as soon as you insert the tainted key into the USB slot.
- Compromising web-based databases: Special programs can pick up the personal data customers enter when filling out a company form on a website and take over a system.
If Your Business Is Targeted
If your business data is breached, the fallout can be far-reaching and costly. Standard recovery procedures can include a time-consuming process of notifying customers, investigating the incident, identifying and quantifying the losses, and monitoring credit or identity theft. You may need legal counsel to ensure you’re complying with state and federal laws and to defend your business if customers sue. There’s also the cost of repairing intangibles, such as your business’s reputation.
Resources from the US Computer Readiness Team
A multi-national study conducted by the Verizon RISK Tea