As the number of data breaches involving smaller businesses continues to grow, a survey by The Hartford finds 85% of small business owners said a potential breach of their own data was unlikely, and many are not implementing simple security measures to help protect their customer or employee data.
“Most of the business owners surveyed believe they are not at risk, when in fact smaller businesses are increasingly being targeted,” said Lynn LaGram, assistant vice president of small commercial underwriting at The Hartford. “As cyber criminals set their sights on smaller firms, it is important for business owners to take proactive measures to protect data and minimize the likelihood of a breach.”
Nearly two-thirds of business owners surveyed said that a data breach violates trust and would jeopardize their relationships with customers, patients and employees. More than a third said they have a more negative opinion of companies that have recently experienced a breach, based on the companies’ handling of the breach.
About a third of business owners said they would have difficulty complying with laws requiring that they notify the affected parties if a breach were to occur, and nearly half acknowledge it would be impossible for a small business to completely safeguard customer, patient or employee data.
As part of the survey, The Hartford asked the business owners which types of data protection best practices they had adopted.
- Lock and secure sensitive customer, patient or employee data (48%)
- Restrict employee access to sensitive data (79%)
- Shred and securely dispose of customer, patient or employee data (53%)
- Use password protection and data encryption (48%)
- Have a privacy policy (44%)
- Update systems and software on a regular basis (47%)
- Use firewalls to control access and lock-out hackers (48%)
- Ensure that remote access to their company’s network is secure (41%)
Besides these methods, businesses of any size that store sensitive employee or customer information should also consider purchasing insurance to help them respond to and recover quickly from a breach.
Data breach coverage is typically issued as an endorsement to your company’s business owners’ policy and will generally provide coverage for expenses and legal liability resulting from a breach. Some carriers also offer access to services to help them comply with data breach notification laws.
Companies that store sensitive client or patient data, such as those in healthcare, financial or professional services, and restaurants and retailers with the large volume of credit-card information they process, should consider this coverage. Data breach insurance will often include:
- First-party coverage for response expenses, including legal and forensic services, notification expenses, crisis management and good-faith advertising expenses;
- Third-party coverage for defense and liability, including defense costs, civil awards, and settlements or judgments that an insured is legally obligated to pay;
- Consultation, including help with breach notifications.