Can your business afford the cost of a data breach?
Posted on Mon, Jan 24, 2011
Even if you think cyber risk is not a concern for your business, it should be. General liability, property insurance and professional liability policies do not cover the full spectrum of exposures from a security breach. In fact, many now specifically exclude cyber risk. Cyber liability is an important coverage for your business.
According to the results of a recent study conducted by the National Retail Federation and First Data Corp, an overwhelming majority of small and mid-sized companies (86%) care about keeping customer credit card information secure, but nearly two-thirds of them (60%) are clueless about their liability when customer data goes missing. Equally alarming, even more of them (64%) believe that their business is not at risk.
The survey also showed some confusion among retailers regarding the liability costs in the event of a data security breach. More than 60% of these smaller merchants did not realize that credit-card companies are authorized to fine their business a per-card fee for every card that has to be canceled if it is determined that they are the source of a data breach. According to the 2009 U.S. Cost of a Data Breach Study by the Ponemon Institute, the average cost for merchants coping with a data breach in 2009 rose to $6.7 million, with the cost per customer record breached estimated at $204. So if your business's computer system was hacked and the records of 1,000 customers were stolen, this could cost your business upwards of $204,000. Could your business afford that?
More than 4% of respondents reported having been a victim of any one type of fraud listed in the survey. Although the percentage seems low, it equates to a potential 1 million small businesses being impacted: the latest federal data estimate that approximately 24.6 million small businesses are currently operating in the United States.
In March 2010, Massachusetts enacted strict security breach prevention regulations (201 CMR 17.00). This law requires that all companies that hold sensitive personal information on one or more Massachusetts citizens have a written Information Security Program (ISP). These companies must also implement other safeguards that require thorough IT environment reviews.
To receive an estimate for cyber liability insurance, answer a few simple questions.