How safe is your company’s data? Small businesses all over the world are vulnerable to data security breaches—and they may not even know it.
Many small business owners understand the importance of ongoing assessment of malicious threats (such as hacking and phishing) and non-malicious threats (such as employee mistakes like laptop losses, data leaks, and application glitches). But many of these owners aren’t as aware as they should be. They believe that their business data isn’t important enough to attract the attention of a hacker. They may trust their employees to know enough to take care of their part.
These small business owners may not realize that a breach in cyber security can have a serious financial impact. In fact, the financial cost of a data breach can be astronomical, and a targeted company may never be the same again.
Here are the facts:
- 85% of claims in the 2014 NetDiligence Cyber Claims Study came from small business owners
- 60% of small businesses that were attacked did not recover to full operations
- 50% of attacks come from internal employees (through loss of stolen devices, mismanaged documents, rogue employees, or other vulnerable spots)
The good news is that it’s relatively easy and inexpensive to take steps to avoid, prevent, mitigate, and transfer the risk of a cyber attack. Making a plan can help to raise awareness and increase preparedness.
Follow these easy steps to begin:
- Identify the key stakeholders within your organization especially those in risk management, information technology, legal, operations, human resources, and public relations.
- Create and maintain a data inventory, including important details about that data: where it’s located, who has access to it, and the controls in place to protect it. You may not have the resources to protect all of your data, so prioritize the most sensitive data and protect that first.
- Train employees on proper procedures for handling data or maintaining business property and equipment while offsite. Even non-malicious threats from employees can lead to a large financial hit for a small business owner.
- Test your plan regularly, including walking through possible scenarios to identify weaknesses.
If you’re curious about the potential costs of a data breach to your business use the Data Breach Cost Calculator to help you understand the financial impact.
When a security incident occurs, time is of the essence. Don’t wait until you’ve been attacked to put supports in place. A small business with an effective incident response plan has a much better chance of recovery than one without a plan. Part of the planning process should involve consideration of risk transfer via cyber insurance. A small business protected by both data protection safeguards and cyber insurance will likely be better equipped to mitigate the financial and reputational harm in the aftermath of a data breach.
John Farley, Vice President and Cyber Risk Practice Leader at Hub International, has 23 years of experience in insurance and risk management. John is the internal lead resource for pre and post data breach services. John frequently speaks at cyber risk seminars and symposiums, and is an accomplished editorial contributor and thought leader on cyber risk management.