21 Jun Does My Small Business Need Data Breach Coverage?
By: Samantha Dutra, CIC, CLCS
Cyber risks are everywhere these days, including small businesses. A shocking 46% of businesses who don’t buy cyber coverage believe they do not need it. In today’s business environment, that couldn’t be more frightening. After all, “Data Breach” doesn’t just mean electronic.
What is Data Breach?
Many of the clients I see who do not buy Cyber coverage feel their business doesn’t have any risk associated with their operations. Let me tell you, data is in the cellular makeup of just about every business you can think of.
Take a moderately-sized Roofing Contractor. The common perception may be that this company works in the field with hand tools rather than computers, so why would they need data breach coverage? That is a valid response, however, it is important to remember that Data Breach doesn’t always mean electronic files. Data Breach can also cover Data in paper form. What would happen if one of the Supervisors was working on a couple of bids and happened to have paperwork on a high value residence? Someone out there might really want to know about the residence, what’s under construction, or maybe they want to steal their bid information? What if the bid is for a stadium or government office and contains blueprints? Perhaps the building is a high value target for terrorism. It still needs a roof, right? Say this Superintendent leaves all his paperwork in a hotel lobby after a client meeting and a person with ulterior motives comes across it? Criminals can make use of data in whatever form it arrives in. Just because it’s on paper doesn’t mean it’s less valuable.
If you’ve ever been in chiropractor’s office or other healthcare facility, it would seem the records are always in the racks of files behind the front desk. Does the Doctor ever take files home to review and complete? Those are easily left when out and about. What if HIPPA protocols are violated? Fines and penalties can be steep and potentially lethal to a small healthcare office, but that’s another blog post.
Real Estate brokers, Insurance Agents, Attorneys, Accountants, and other Professional Services also have a considerable amount of information in their possession. They could have client’s banking information, credit history, date of birth and Social Security number. You might say those are locked away on a secured laptop. You may also say that laptop has no access to a network, so Ransomware isn’t an issue. What if an Account Executive takes their laptop on vacation to Hawaii with them? To that point, I’d ask you to do a Google Search of “How many laptops are left in airports each week?” The numbers are surprising. Even more surprising is that many offices still do not believe they need to have coverage for data breach.
Most Business Owners access their emails on mobile phones, and some might even do their business banking. What would happen if someone got that data out of your phone without you knowing? The Internet of Things is very real, and very frightening. Attacks on devices are growing every year, and Data Breach coverage can help cover the costs of rebuilding after a loss.
There are also other upsides to purchasing Cyber coverages, such as risk management advice and network security evaluations available through carriers that may help prevent a loss before it even happens. There is much, much more information available on the many facets of Cyber coverages, with Data Breach being just one example. Please do not hesitate to reach out to Stone Creek Insurance Agents for any questions you have on the matter and how it impacts your business.
Sources: Advisen Ltd. Zurich Whitepaper: Information Security and Cyber Risk Management Survey – October 2016
All information is general in nature and is intended to provide guidance only. It is up to you to request specific coverage options, the agency and agent do not bear this responsibility. Always read the policy if there is a questions about coverage or a claim. If any information herein should conflict with your actual policy’s specific language, the policy language will be controlling.