Complete security is impossible in the digital age. Instead, aim to be as secure as possible and have an action plan for when things go wrong.
According to a 2016 report1, 43% of cybercrimes are targeted at small businesses, an increase of 18% in 2011. When hackers or other thieves search for digital prey, they sometimes look for easy targets with customer data, payment info, data they can hold for ransom or other valuables.
Small businesses often have lower security than larger establishments but are still likely to have these kinds of valuables stored on their systems. This might make them popular targets.
Continue reading the guide or if you are ready to get a quote:
Receive quotes from these direct insurance brands
Depending on what’s lost, the cost of data breach or loss might include:
- The value of the data itself. If data is corrupted, becomes unusable or is held for ransom, the cost might be the ransom paid, the business lost or other value in the data itself.
- Potential liability costs. Businesses are often required to take appropriate steps to secure confidential customer information. A failure to do so may lead to lawsuits or penalties.
- Indemnity costs. If data theft, loss or corruption leads to an inability to carry out your contracted job, you could be liable for related indemnity costs.
It’s important to nore stolen data can’t be returned the way physical goods can. Once it’s out there, you can only assume that it’s been replicated and that anyone might have access to it. In such circumstances, you might have no choice but to take drastic and expensive steps.
As you can imagine hacking, electronic failure or other data losses can be potentially ruinous. For example, it’s estimated that in 2014 about $16 billion was stolen from consumers in the US, from identity theft alone. Much of that had to be paid back at the expense of businesses and banks.
There are no sure-fire ways of making sure all your systems are completely secure and will never be misused, especially if they’re connected to the internet. There is always going to be some risk. For example:
- Your employees might make more money than you could ever pay them from selling confidential information.
- No system that is connected to the internet is 100% secure.
- No one is immune to mistakes, and any system that involves humans is vulnerable to social engineering and similar “hacking”.
How to protect your assets
You can improve your security by:
- Using effective antivirus and malware filters and scanners.
- Making sure you and your employees are all well-trained, at least with basics like avoiding suspicious emails or clicking pop ups.
- Keeping your computer systems up to date.
- Ensuring that confidential information is encrypted.
- Backing up your data securely. Hardware is always subject to potential failure, and any data that is not backed up will be lost. It’s a good idea to automate backup if necessary.
- Always remembering to protect company phones, and assess staff security for those who work remotely or connect from networks outside the field.
- Setting up business insurance that also covers you against cyber threats
What needs to be protected?
Assets and tools to protect include:
What to do when things go wrong
One of the first questions a company asks themselves after discovering a breach is whether or not they should inform their customers.
Companies can approach a security breach on the following ways:
- Promptly notify their customers, and take steps to maintain consumer confidence.
- Try to cover it up, but run the risk of being discovered and penalised.
- Cover it up without being discovered. Naturally the public would not be notified.
You may want to use third-party experts to advise you on the best practises for your situation. These might be consultants, digital security specialists, insurers or experienced in-house staff.
Can insurance cover lost or stolen data?
Yes. However, it depends on the type of breach or loss, the type of insurance and your situation. There are three main types of business insurance, each of which might cover a different situation.
- Loss and damage business insurance. This is the type of cover that might pay for a burned building, storm damage, or the destruction of data. Some policies might exclude cover for the loss of digital or electronic data, while others might offer it as an optional extra for a specific sum insured, and some might include it automatically. It can be worth checking how a business insurance policy covers data.
- Professional indemnity insurance. This type of cover protects your business against claims for loss or damage arising from the provision of your professional services. For example, if you collect confidential customer information that is hacked and used to commit identity theft and the customers sue you for the costs. You might find “cyber cover” excluded, offered as an optional extension or as an automatic inclusion depending on the policy.
- Public and product liability insurance. This can cover you against unintentional loss caused to others, potentially including invasion of privacy, libel, slander, blackmail and other types of non-physical loss that may result from data theft. It’s similar, but not identical, to professional indemnity insurance. The exact cover may vary between policies, and you’ll often find exclusions for computer viruses and other “preventable” breaches.
In all cases, sublimits or specific exclusions may apply.