Downside of Online: Cyber Crime and Stolen Data
How safe is private information when stored electronically?
You may not want to know the answer to that question. But if you’re just a bit curious, consider visiting privacyrights.org/data-breach.
The site allows you to scroll through a frequently updated chronological list of reported breaches of private data. Some data are lifted from large companies everyone’s heard of. What’s surprising is how many of the breaches occur at smaller organizations.
The information on this site should serve as proof that when it comes to the safety of personal data, businesses big and small must be on alert!
While it’s the large breaches that make headlines—think Citigroup or Bank of America—smaller businesses may be at a greater risk. They often lack the infrastructure and resources to protect from cyber criminals.
What does a cyber crime cost? According to the Ponemon Institute’s First Annual Cost of Cyber Crime Study, published in July 2010, a business can expect to pay an average of $204 per customer record that is lost or stolen.
Cyber Crime Defined
According to the Ponemon study, the list of cyber crimes is rapidly growing. While many are aware of common cyber crimes, such as identity theft, the list also includes other crimes that can cause damage to a business’s electronic infrastructure. Examples: theft of a business’s intellectual property, the creation/distribution of viruses and malicious code, and the publishing of private data in a public forum online.
Business owners may struggle to keep up with these often-sophisticated threats. Such threats place a tremendous burden on business owners to prevent these losses. Many states have turned to legislation that requires business owners to spend money notifying consumers when a potential breach has occurred.
And some such laws go as far as to require the business owner to help pay the cost of the consumer’s data recovery. In March 2010, Massachusetts became the first state to pass comprehensive legislation requiring business owners to take preventative measures to protect data before the loss happens. Failure to do so can result in fines against the business owner. Business owners in other states also may be impacted by this law, as it’s designed to protect residents of Massachusetts regardless of where the breach occurs. That means your business, even if located in another state, may be subject to fine if your records contain private information on Massachusetts consumers and those records are breached.
Protecting Your Firm
There are a number of insurance products available to help business owners to deal with the cost of cyber crime. Policies may address both first and third-party losses.
What is a first-party loss? This is a cost the business owners may absorb to cover the firm’s own expenses caused by a cyber crime. Examples may include:
- Notification and credit-monitoring for compromised individuals. (Most states currently have laws in place requiring the business to pay the cost of notifying all consumers that may be victimized by a breach. Most laws require these costs to be paid regardless of whether or not the consumer has suffered financial damages resulting from the breach.)
- Cost to restore data that has been stolen or damaged.
- Lost income resulting from down time caused by a damaged network, lost information or data breach.
How about a third-party loss? When a cyber crime occurs against a business, other parties also could be impacted. A third-party loss describes costs that appear when others incur expenses that can be attributed to the cyber crime. Examples may include:
- Defense costs.
- Judgments and settlements for lawsuits brought by customers, employees and other third parties—such as a company claiming its network was damaged by a virus from another infected network.
- Costs associated with fines or penalties imposed by a regulatory body.
Why Coverage is Critical
Cyber insurance is designed to protect a business when costs are incurred due to a cyber crime. Business owners should note that common insurance policies such as commercial property, business income, and general liability often restrict—and in many cases exclude—cyber-related damage.
Business owners beware: You should be skeptical of enhancements to such common policies designed to address the cyber exposure. These so-called “cyber enhancements” are often very limited and should not be relied upon without thorough examination of an insurance professional.
If you’re a business owner, threats to your data come from a variety of sources. Whether you’re the victim of a random hack, disgruntled former or current employee, angry competitor or anyone else, cyber crimes can serious damage your business. Worse, if the crime results in a breach of private consumer data, state law may impose significant fines that could devastate your firm’s bottom line. For more information about insuring against these growing exposures, call your Trusted Choice® independent insurance agent today.