Data breaches are always costly, but they have become even more of an issue as criminals take advantage of the public health crisis. For many years, the average small business was unlikely to be targeted for a sophisticated cyber attack. That’s no longer the case. Small and medium businesses (SMBs) have become frequent targets because they are perceived by cyber criminals as less prepared.
Unfortunately, the numbers tell us that this is often true. A new study reveals that 57% of SMBs believe they won’t be targeted by online criminals, but almost 20% experienced an attack in the past year. These data breaches are costing more than ever before, with an average cost of a data breach for small businesses at $108,000. And, lost money isn’t the only matter at stake.
Back in 2015, we wrote about a cyber incident reported in the NY Times that affected a restaurant named Eataly. Eataly had a fairly typical small-business experience when it suffered a data breach. A quote from a statement made by the restaurant is representative of how SMBs are impacted in the event of a breach:
“The disruption to our business, the extent of unanticipated costs and expenses, and the unwelcome frustration and concern caused upon our customers have all been, and continue to be, significant.”
This example is typical even more so now, as many businesses struggle to stay afloat amidst an unpredictable pandemic market. During times of upheaval and change, cyber criminals capitalize on fear and uncertainty. Experts say that different types of attacks are on the rise.
Among the most common types of attacks are:
In which criminals encrypt files and demand a ransom to restore access, has increased by 90% according to a recent report by VMware.
- Destructive Attacks
That describes a scenario in which data and networks are destroyed is currently up by 102%.
- Island Hopping
Which involves criminals using the networks of companies to attack customers and partners has risen by 33%.
Why Aren’t Businesses Aware of the Danger?
In small data breaches, the costs, disruption, and reputational damage are all greater than the small business ever anticipated. Businesses often mistakenly assume “It won’t happen to me” or “This is probably covered somewhere in my insurance.”
We hear about big breaches in the news and a lot of education is happening in the insurance world—from the carriers, down to the agents, down to the end customers. The typical response from a small business is that they outsource the payment processing, that they don’t keep a record of card numbers, or the data is not on their computers. But, what they aren’t realizing is that at the end of the day, liability isn’t outsourced.
Businesses are responsible for any damages associated with a third-party data breach. This type of event can be very damaging to small companies and can put many of them out of business because they often don’t have the financial resources to manage a breach.
Burying your head in the sand isn’t a good approach, as a data breach can be incredibly costly. Check out these figures:
- How Much Does a Data Breach Cost a Business?
For a small or medium-sized business (SMB), the average cost of a breach is $108,000, as stated above. Meanwhile, the cost for enterprises (businesses with more than 1000 employees) has risen to $1.41 million, up from $1.23 million the previous year. The financial damage will vary significantly depending on the size of the company and the nature of the breach.
- What is the Average Per-Record Cost of a Data Breach?
In 2020, breached data cost businesses an average $150 per record––and even more ($175) when breached via a malicious attack.
- How Many Businesses Get Hacked a Year?
More than 10,000 cyber claims are made each year, which doesn’t even include those submitted via a cyber add-on to another policy. It’s estimated that more than half of all businesses suffer a hack in a given year.
ProWriters Can Bring Insurance Expertise
Small business cyber insurance is affordable and easily obtained. Our advice to business owners is to get educated, start with some basic risk management in this space, and talk to a cyber insurance specialist. With a dedicated cyber policy, a business will usually get access to risk management services as well as post-breach services like expert privacy lawyers, a public relations team, forensic firms, and notification companies that can set up a call center, etc. All of this can save a small business from the unanticipated costs, expenses, and frustration that comes with a data breach.
These days, everyone claims to be a cyber expert––and while they may have access to cyber insurance products, they may not have the expertise you and your client need.
At ProWriters, we have been underwriting Cyber Insurance for more than 20 years. We can get you and your client with the right carrier, the right coverage, at the right price.
Learn more about how to become your clients’ cyber expert in our complimentary whitepaper, The Six-Step Guide to Becoming Your Clients’ Cyber Expert.