This month, we’re proud to be featuring Lawton Insurance’s Director of Professional, Medical and Cyber Liability, Joe Davis, as a guest blogger.
Joe Davis, J.D., cyRM, is the Director of Professional, Medical and Cyber Liability at Lawton Insurance. Joe is a licensed attorney and certified cyber risk manager. His business is focused on management liability, professional liability and cyber risk.
Cyber Risks for Small Business Owners
Technology is the lifeblood of every company today. Whether you are simply storing employee and customer information, or conducting e-commerce, technology has become a significant risk that companies cannot afford to overlook. As reliant on technology as small companies have become, there are still only a small percentage that have invested in cyber liability insurance. The average cyber policy costs less than $1,500 a year and the average cyber breach costs $350,000 that your current insurance policy will not cover. It is enough to bankrupt a small business. Companies would never think of operating without property and casualty insurance. Yet, everyday companies are ignoring a risk that has the potential to cause just as much financial damage.
Most small companies are unaware of the high risk that data breaches can have to their financial viability. There is a common misconception that hackers only target large, high revenue companies. But the statistics show that small businesses are far more likely to be attacked. This is because they are an easier and more attractive target.
When a company has a breach, restoring data is not the only expense that will occur:
- Notification Costs: There are 46 U.S. states that have adapted a breach notification law. The laws generally apply to all companies that own, license, store or maintain certain sensitive personally identifiable information (PII). Failure to comply with state notification laws can result in regulatory fines and penalties.
- System recovery: Recovering data can be expensive. Recovery strategies should be developed for information technology (IT) systems, applications and data. This includes networks, servers, desktops, laptops, wireless devices, data and connectivity.
- Regulatory: If a data breach results from your business’s lack of compliance with regulatory guidelines, the government will levy substantial fines. In many cases, small companies may not have known they have violated a law or statute.
- Liability: Small companies will be responsible for costs incurred by customers and vendors as a result of a cyber breach.
- Class Action Lawsuits: Class action lawsuits against small companies are on the rise. These are coming as a result of stolen customer data.
Many companies believe that their Business Owners Policy (BOP) provides coverage for cyber breaches. Unfortunately, that is not the case. A standalone policy can cover the following and much more:
- Identity theft
- Loss or corruption of data
- Computer and legal forensic costs
- Credit monitoring costs
- Business interruption Website media liability
- Cyber extortion
Risk Management in the age of cyber attacks
Unlike large companies, many small companies do not have a risk management department. Working with an agent who understands cyber exposure can help to provide guidance and suggest risk management policies and procedures. Below are examples of risk management systems:
- Installing security software and hardware
- Using cloud computing services
- Backing up data at offsite locations
- Contracting with a security services vendor
Regardless of size or industry, companies should consider implementing additional risk management practices to protect their data. Doing so on the front end can help to secure your and your customers’ valuable data against a cyber-attack.
Finding a Solution
In many instances, when a small company’s data systems are hacked, and customer and employee data is either lost or stolen, the cost of investigation and reconstruction can be significant. Customer and vendor notification expenses alone can be enough to financially cripple a small business. Once a breach is detected, the process of getting everything back to “normal” can be very expensive. The affected company will need to hire experts to determine if lost data can be retrieved, or if new hardware and software needs to be purchased. Additionally, hired experts will need to assess what it will cost the company to protect its data systems and websites from future breaches.
For business owners to operate with peace of mind, cyber liability insurance should be considered an essential part of their companies risk management strategy.
Call your IT consultant in Bowling Green, and take that next step in strengthening your computer network support system. Your ABR network consultant in Bowling Green will guide you through selecting the appropriate anti-malware software for your business and assist in communicating the importance of cautious internet use to your employees.