Have you ever thought about how much personal information your business stores from your clients and/or employees?
Do you acquire credit card information, driver’s license numbers, social security numbers, or medical record information? Where do you keep that information and how safe is it? How much would you have to pay your client or employee if their information was taken from your records and used to destroy their identity or access their financial assets?
The companies that are most at risk for a serious data breach are those that handle and store some of their clients’ and/or employees’ most personal information. These companies can include financial institutions, accounting offices, law offices, medical offices, municipalities, retail or restaurant organizations, and technology companies.
Studies show that your business will likely experience some type of attack, either electronic or paper, within the next 12 months. “Seventy-three percent of small-to-mid-sized companies experienced a cyber attack in 2010, and 30 percent of those attacks were extremely effective.”1
In most states, if your business is responsible for the breached information, then your business is required by law to pay for three years of identity theft protection for each individual whose information was breached—no matter whether the breach resulted in damages or not. For reference purposes, the average cost per compromised record for this service is approximately $200 per year. This means your company could be responsible for approximately $600 per client and/or employee whose information is breached.
After this cost, your business is still liable for financial damages, fines, restoring credit worthiness, and restoring your good name and reputation. Luckily, there is insurance coverage available to help.
A cyber/privacy liability insurance policy can mitigate this exposure on your behalf. Cyber/privacy liability coverage is not found, or may be very limited, under your current policies. This specific policy can cover your cyber/privacy liability exposure, your data breach notification costs, damage to your hardware/software systems (including web sites and intellectual data), public relations cost reimbursement, and business interruption coverage for the time that your business can not operate due to the breach.
If your company collects personal information and does not have this policy, please contact your Leavitt Group insurance advisor for more details.
1 McConville, Jim. “Smaller Private Companies At Greater Risk of Cyber Attack.” Financial Advisor. December 12, 2011.
2 Ponemon Institute & Symantec Corporation. “Data Breach Risk Calculator.” https://databreachcalculator.com/