Ponemon says hackers are responsible for 25.8 percent of compromised data. Employees losing laptops and other devices containing data account for 39 percent of reported data losses. However you lose the data, the price tag to businesses and consumers is huge. Ponemon’s study notes losses rose 6 percent in 2012 to $8.9 million.
Most breaches take close to a month to discover. It’s another 40 days from the discovery of the breach to the end of cleanup. Costs, in the meantime, mount. On average, U.S. businesses in 2012 paid $592,000 per incident to take care of a data breach – up 42 percent from 2011.
You may think you’re not at risk. Think again. Do you or your employees have data on laptops, mobile devices like iPads or cell phones? Lose one and you’ll learn just how complicated and costly a loss can be.
Washington law RCW 19.255.010 says if a device is lost with data on it, or if your computer system is hacked, you must determine the extent of the breach and restore integrity to your system. At the same time, you have to notify the authorities and notify customers whose data may have been compromised.
The cost to a hacked company per individual record stolen is $222. That’s costly. Here’s an example: You’re a small business. The records of 500 of your clients are stolen. That’s a staggering $111,000. For larger businesses with thousands of data entrees, the cost can hit seven figures.
Sadly, few businesses are concerned. Another survey, The Verizon 2011 Data Breach Investigations Report, learned that 63 percent of the breaches in 2011 were from firms with 100 or less employees. The Hartford Small Business Data Protection Survey found 85 percent of small business owners aren’t worried and have not and will not implement security measures to keep data safe.
The survey suggests the following best practices:
• Lock and secure sensitive customer, patient or employee data
• Restrict employee access to sensitive data
• Shred and securely dispose of sensitive data
• Do password protection and data encryption
• Put a privacy policy in effect
• Regularly update your system and software
• Set up firewalls to control access and keep out hackers
• Make sure remote access to the company network is secure
In all but restricting employee access to sensitive data (79 percent), less than half of the nation’s businesses do these things. If you aren’t doing the practices on this list, it is highly recommended that you begin.
Cyber insurance can also help mitigate your legal liability. The crime is growing and in 2013 this protection is critical. Get your chosen insurance firm to help you:
• Look at your current coverage and assess overall risk
• Determine the financial resources you have available if a data breach occurs
• Evaluate policy options that include breaches caused by contractors, lost device breaches like laptops, offline or non-technical breaches, the type of monitoring service and legal counsel you’ll need and more
And most critically, make sure your chosen insurer helps you understand the insurance you have purchased along with its coverage’s and limitations.
Rich Biggs is a principle at Biggs Insurance Services in Vancouver. He can be reached at Rich.biggs@biggsinsurance.com or by calling 360.828.3712.