Some insurance companies and brokers are calling 2011 the “Year of the Breach”. The headlines were full of stories of major companies that suffered devastating attacks on their computer networks. Sony, for example, suffered an estimated $100M loss when the PlayStation Network was hacked and the personal information of 77 million subscribers was stolen. The average cost of a data breach for a large company is around $5.5M including notification, regulatory and legal expenses. Fortunately for business owners, insurance for cyber attacks is readily available and affordable.
Many small business owners we talk to understand the potential risks of a data breach but don’t see themselves as a potential target. In reality, small businesses are often targets of hackers because they tend to have less sophisticated data security and a breach doesn’t make national headlines.
Business owners should be aware that they are responsible for any personal data they are custodians of. Medical offices, law firms, mortgage lenders and other businesses that have access to especially sensitive information are particularly at risk. To protect yourself, the Identity Theft Resource Center recommends you evaluate your operations with the following questions:
- Information acquisition: Is there a good reason for requesting the information that you gather? Is it really necessary? Is the information acquired in a safe manner, so that it cannot be overheard or seen by others?
- Storage: Have computer security measures been placed on the systems storing personal data? Is there physical security for the data storage? Is the data considered highly classified and common access prevented? Do both physical security and network security prevent unauthorized access to the data?
- Access: Is personal identifying information available only to selected/qualified staff? Is database access audited and password controlled?
- Disposal: Do you know what goes into your dumpster? Are electronic and paper documents and databases containing personal information rendered unreadable prior to disposal?
- Distribution: Are personnel trained in the proper procedures regarding information disclosure? Do you prevent public display, use or exchange of personal information (especially Social Security numbers) in your workplace? Does this include employee or membership cards, time cards, work schedules, licenses or permits, and computer access codes?
- Personnel: Do you conduct regular background checks on ALL employees with access to identifying information? Does this include mailroom staff, cleaning crews, temp workers, and computer or hotline service techs?
Insurance For Cyber Attacks
Lastly, consider purchasing Cyber Liability and Data Breach insurance. At Safeguard Insurance, we can tailor a plan to your individual business at an affordable cost. Coverage starts as low as $100 per year as an add-on to a business insurance policy. Stand-alone policies for mid- to large-sized businesses start around $300 per year and can include both 1st- and 3rd-party expenses, including defense and notification expenses. Contact us today for a no-obligation analysis of your current coverage and a free quote for Cyber Liability insurance.