In today’s cyber society, thieves have found a new cash generator – secure data. Every day, breaches are in the news. Almost everyone has heard that Sony was breached for millions of records through PlayStation. What we are now learning is that the fastest-growing area of data theft is small business. A recent Wall Street Journal article cited the fact that in 2010, the U.S. Secret Service and Verizon Communications Inc.’s forensic analysis unit responded to over 750 breaches. More startling is that over 60% of them were at companies with fewer than 100 employees. The unfortunate truth is that a data security breach carries substantial costs in addition to any liability damages that may be assessed against your firm. No business seems safe. Documented breaches, of every magnitude, are occurring in virtually all types of business, including financial institutions, merchants/restaurants, schools/universities and municipalities. Based on a survey conducted by NetDiligence, the average cost of legal defense was $500,000, the cost of forensics and related services was $200,000 and the average legal settlement was $1 million.
In addition to liability damages, three of the key areas of financial impact from a security breach include:
1. Crisis Services, which can include forensics (problem diagnosis and repair), notification, credit monitoring, and legal counsel. For an illustration of the potential impact on your firm, visit this address: http://databreachcalculator.com.sapin.arvixe.com/
2. Business interruption costs
3. Public Relations costs to mitigate adverse media attention and related expenses to preserve favorable relationships with customers.
Another unfortunate truth is that a great burden is placed on business for compliance through a myriad of regulations. Based on the Health and Human Services website, there are roughly 46 laws and/or regulations regarding Confidentiality, Privacy and Data Security. While the leading acts are HIPAA, GLBA 501b (Gramm-Leach-Bliley), HITECH (Health Information Technology for Economic and Clinical Health) and ERISA, there are many other federal regulations that can trigger fines or penalties. In addition, any business processing credit card transactions is also subject to Payment Card Industry (PCI) standards. Individual payment brands (e.g. MasterCard, Visa) can and do impose fines and operational consequences on their retailers.
Don’t wait. Contact Early, Cassidy & Schilling, Inc. and let us help you assess the potential impact to your business. We will help you minimize your cyber risk by identifying control methodologies and transferring risk through insurance.
Written by Michael Fragola, VP Business Development, Early, Cassidy & Schilling, Inc.