Cyber-attacks and breached data from businesses have become alarmingly more commonplace in the work industry. October is Cybersecurity Awareness Month, so business owners should be aware of their responsibilities if a similar incident affects their clients.
Virtually every business has data on clients, employees, and others that can be stolen, electronically “hacked”, or lost through accidental or inadvertent release.
Concerns about data breaches are so great that the state of Hawaii has enacted laws that require business owners to notify affected persons. There is also legislation with similar mandates proposed at the federal level. Beyond these requirements, a business with a data breach needs to protect its reputation.
Below are some facts and advice on protecting your business data and what to do in the event you are affected:
1. How prevalent are cyber-attacks and what are the impacts?
- Over one-third of organizations globally that experienced a cyber attack in 2016 registered a revenue loss of more than 20 percent, according to a new report by networking giant Cisco. More than 50 percent of organizations faced public scrutiny after a security breach, the report added.
- A majority of Americans (64%) in 2015 have personally experience a major data breach
- Hawaii’s annual reported losses from cyber-crime are nearly $2.5 million.
2. What are common security breaches that lead to cyber-attacks?
- Employee or contractor mistakes on properly securing data (52 percent)
- Lost or stolen laptops, smart phones, tablets and storage media such as USBs and backup drives (42 percent)
- Procedural mistakes (38 percent)
3. What are businesses required to do when their data system is breached or hacked?:
Unfortunately, only 33 percent of small businesses notified people that their personal information had been lost or stolen. Due to concerns about data breaches, most states have passed laws that require business owners to notify affected customers or clients:
- Businesses must be able to notify all parties affected by a breach
- Effectively communicate the scope of the possible damage
- Provide credit monitoring assistance, and
- Provide identity restoration case management to those affected by the breach.
Policy coverage to protect your business against data breaches:
Data compromise and cyber liability is designed to mitigate losses from a variety of cyber incidents, including data breaches, business interruption, and network damage.
Some insurance companies, like DTRIC, have liability coverage to protect businesses, which can be added at a reasonable rate to your policy. This cybersecurity insurance includes coverage costs of recovering from a computer attack, with broad protection on network liability claims including:
- Outside legal counsel
- Forensic IT review, and
- Identity restoration services to affected individuals.
A robust cybersecurity insurance market could help reduce the number of successful cyber-attacks by: (1) promoting the adoption of preventative measures in return for more coverage; and (2) encouraging the implementation of best practices by basing premiums on an insured’s level of self-protection.