Protect Your Business from Data Theft
By: Tracy Dahl-Webb, Howalt-Mcdowell Insurance, Inc. - Sioux Falls, SD
In December, 2013, consumers were rocked by the news that Target, one of the nation’s largest retailers, had suffered a massive data breach. Up to 40 million credit card accounts (1) were affected by the data breach, and Target says 70 million customers lost private information as part of the breach.
The cost to Target is an estimated $420 million, plus $100 million to upgrade their security systems. Banks and credit unions spent $200 million re-issuing credit cards to affected consumers. And the loss to Target’s reputation is incalculable.
So, why should small-and-medium-size businesses be concerned? Surely the data thieves are focused on big fish like Target and not on smaller companies?
In fact, the thieves slipped into Target’s system through a smaller company (2) – an HVAC contractor, whose connections to Target’s computer systems were used to upload malware, which was then used to steal consumer information.
“The moral of the story is that a security breach at a small company – Fazio Mechanical has an estimated $12.5 million in revenue – caused a half-billion dollars in damage and the costs are still adding up,” wrote James Fields (3), owner and President of IT service provider Concept Technology and IT staffing company Scout Staffing.
It’s safe to say no company, big or small, wants to be caught in the middle of a security breach.
A recent report by the New York Attorney General stated that reported data security breaches more than tripled between 2006 and 2013.
According to The Marsh & McLennan Cyber and Data Security Risk Survey of 2013, nearly two-thirds of respondents said they discussed IT security at an executive level only two or fewer times a year and one in seven (14 percent) never discussed it at all (4). Cyber security is becoming too big an issue to simply hand ioff to the IT department.
Business owners need to recognize that data security is not just something for the IT department to worry about. Protecting personal, as well as business, information should be a company-wide, cultural value, and employees at all levels should be aware of best practices to prevent data theft.
When data thieves do strike, cyber liability policies can protect companies from these costs. Cyber policies can provide both first party and third party coverage. First party cover will help companies with notification of affected parties, hiring a crisis-management team, covering fines imposed by regulators, providing free credit monitoring to affected customers, and covering the cost of any business interruption – for example, costs that may be incurred if a site’s website is down for a period of time. The resources these policies provide access to can be invaluable at the time of a loss. They have experts that can help companies navigate the differing laws and regulations that exist in different states.
Third party coverage provides protection against possible lawsuits that may arise from a data breach. Other coverage options are available; there’s’ a range of cyber-insurance policies tailored to small- and mid-size companies.
Cyber insurance policies don’t only protect you from the costs of business disruption in the event of a data breach. They also provide a roadmap on what companies should do when a breach is discovered. The best policies have a 24-7 call line, by which carriers can put business owners in touch with experts, legal counselors, and other resources. And policies can help defray legal costs if lawsuits are brought by federal or state regulators.
Every company – and every person – has an amazing amount of data at their fingertips every day. Being smart about protecting yourself against data theft is simply part of doing business in today’s world.
Tracy is an insurance agent and consultant at Howalt+McDowell Insurance, a Marsh & McLennan Agency. Her communication skills, experience, and insurance knowledge make her an excellent fit for the complex needs of the healthcare industry. Tdahlfirstname.lastname@example.org