Cyber Liability: A Scary Risk for Your Small Business

Published on Tue, 10/15/2013 - 17:02

The term “cyber liability” sounds like something from a Star Trek movie. But if you think it’s NOT something that pertains to your business, think again.

The fact is cyber liability affects businesses of all types and sizes.

What exactly is cyber liability?

As a business, you have a duty to maintain the privacy of other people’s data. So, if your business collects or stores personally identifiable information (such as social security numbers, birthdates, phone numbers or credit card numbers) for employees, customers, organization members, or patients, you could be held liable, fined and incur remediation costs if your data is ever breached or compromised.

How do data breaches occur?

Data compromises occur in countless ways – from stolen laptops to web-based attacks, human error and data exchange failures. Consider the following real life examples:

  • A grocery store chain is hacked, resulting in fraudulent charges to customer debit and credit cards.
  • A nonprofit company in Maine accidentally posts a donor database on its website. Donors’ personal information was accessible via Internet search for two weeks before it was taken down.
  • The personal information of more than 1,000 military veteran patients is exposed after a hospital employee improperly disposes of records.

Forty-six states now have data breach notification laws, so if and when a data compromise occurs, you may be responsible for the legal coordination of properly notifying everyone involved. Many companies also incur the additional remediation expenses of offering credit monitoring services to the affected parties, managing public relations and paying for an investigation to identify the cause of the breach. There may also be fines and penalties owed.

If you think this sounds expensive, you’re right!

The Ponemon Institute reports an average cost of $194 per person affected. So, if you have 100 employees with compromised data, the breach could cost at least $19,400. On the other hand, if you have 5,000 clients with compromised data, it could cost nearly $1 million!

Are small businesses really at risk?

Yes! In fact, a 2012 U.S. Secret Service and Verizon Communications Inc. study found that more than 72 percent of data breaches occurred at companies with fewer than 100 employees. Small businesses are easy targets for hackers because their security practices can be less sophisticated.

What can you do?

Just as you secure general liability insurance to cover your business in the event that your products or services cause harm to others, you should also consider cyber liability coverage to help mitigate your data breach exposure. Cyber liability policies vary widely by carrier, but they generally include coverage for defense and settlement costs, remediation expenses and penalties. Policies are much more affordable than the business risk of going without coverage.