


How Data Breaches Affect Small Businesses


Data breaches are serious problems and they don't just affect big corporations. Increasingly, small businesses are being hit by this expensive cyber threat.

While hacking-related data breaches and subsequent ransom demands to large corporations like HBO, Target, and Home Depot understandably captivate public attention, they produce a false assumption: that only large companies face the growing threat of data breaches. In fact, according to a study conducted by Accenture, 43% of all cyber-attacks target small businesses. Even more alarming is that more than half of all small businesses suffered a cyber breach in 2019. Let’s take a look at specifically how this increasing threat affects small businesses.

One of the biggest problems with determining the true impact of a data breach is that a significant portion of the financial costs is hidden. In reality, the direct damages resulting from an attack are almost always less than the hidden damages.

In a 2019 analysis titled “Beneath the Surface of a Cyber-Attack,” the trusted professional services consultancy Deloitte determined that up to 90% of cyber-attacks’ total costs were hidden. Deloitte claims that these “hidden” costs can accumulate for years after an attack or breach and often include hard-to-measure effects like brand and reputation damage, decreased confidence in the victimized company, and increased costs associated with debt financing.

As a result, Deloitte claims that widely accepted financial estimates of the impact of cyber-attacks and data breaches are greatly undervalued.

Example Data Breach Costs

The following industry-specific examples are based on claims data collected by the data breach insurance carrier RGS Limited and a 2016 small and medium-sized company data breach report published by the state of California.

  • Dental Practice
    Patient records were stolen resulting in a total breach response cost of $33,000 including notifying each affected patient.
  • Restaurant
    A breach of payment card information resulted in $24,000 of audit expenses and an additional $75,000 in fines and penalties from the credit card companies.
  • Travel Agency
    A breach of private customer information ended up costing $27,000 in forensic audits, fines, and various legal expenses.
  • Retail Store
    An undisclosed data breach resulted in a $39,000 fine after a $10,000 forensic audit exposed the cyber-attack.
  • Bowling Alley
    A breach involving payment card information and personally identifiable customer details triggered a $60,000 fine from the credit card companies whose information was exposed.

According to Security Magazine, the average cost of a data breach for a small business is between $36,000 and $50,000. Obtaining Data Breach Insurance to cover these “above the surface” costs is always smart and a great first line of defense. In fact, most cyber liability and data breach insurance policies, including a policy with $100,000 in protection that Layr sells for just $250 per year, will pay for fines, forensic audits, notification costs, and legal costs.

But how do companies deal with the “below the surface” costs that Deloitte estimates to be far more significant? Experts provide several recommendations for ensuring that the financial impacts associated with a cyber breach are minimized.



Develop a Robust Password Policy

Employees are notorious for using weak or common passwords that are easy for thieves to hack. Educate your entire team on the importance of strong and regularly updated passwords. When possible, enable settings that force strong passwords by requiring a combination of upper and lowercase letters, numbers, and special characters. For even greater security, employ two-factor authentication in addition to your robust password policy.

Deploy a Firewall

Setting up a firewall is like surrounding your company network with layers of walls and checkpoints. Firewalls manage access to all incoming and outgoing data through fully customizable rule sets and logging. Don’t be intimidated by how expensive or difficult they might sound; there are many affordable firewalls and the Internet is full of tutorials that can walk even the most tech-inept business owner through the process of getting one set up.

Protect Company Email

Email is one of the most common ways for hackers to gain access to a company’s data. We’ve all received emails that sound too good to be true or that ask us to click an unfamiliar link. Always run your business email through a reputable email provider like Google’s G Suite or Microsoft’s Office 365. When properly configured, these email providers are capable of identifying and filtering out nearly all phishing attempts. If you use an email client in addition to webmail, always keep the email client up to date. Finally, ensure each employee has adequate antivirus and malware prevention software installed and regularly updated.

Unfortunately, cyber-attacks and data breaches are a real and costly threat that every small business owner faces. And while Cyber Liability and Data Breach Insurance offer protections that companies of all sizes should have in place, these policies aren’t designed to be the only safeguard. When you combine a sound insurance policy lineup with defensive measures like the ones listed above, you’ll be well-equipped to respond to and overcome digital threats.