Cyber Crime: It’s Not If, It’s When

The digital world is rapidly evolving and cyber crimes that impact small businesses are becoming increasingly common.

Visa reports 85 percent of data breaches involving credit cards are from small businesses.

Even the best processes and systems can leave a business exposed to expensive costs relating to their responsibility to protect personally identifiable information. More than 675 million records were exposed due to data breaches within the past few years, according to the Identity Theft Resource Center.

In October 2015, credit card companies shifted to potentially place the liability on merchants without a chip reader for fraudulent charges and costs to reissue cards.

Using chip readers may help limit liability from the credit card companies but they do not eliminate all of a business owner’s responsibilities, and the risks are big for small businesses. About 60 percent of small businesses shut down within six months of being victims of cyber crime, according to the U.S. House Small Business Subcommittee on Health and Technology.

The news typically highlights the larger, big-named companies; however, it has become evident that there is no discrimination in size when it comes to data breaches. In fact, those trying to steal personally identifiable information often seek out smaller entities with potentially less security controls.

Even companies with the best security measures in place are exposed and subject to the laws that require proper notification to exposed payment card users as well as potential fines and penalties that can be assessed from credit card vendors or governmental regulators.

Many businesses are unaware of their responsibility to keep data safe or the ways they can protect their intangible property. A misconception often heard is that if a business has a vendor processing their credit cards, they are not responsible for a data breach. However, being the data owner, the business is still liable for keeping the information safe and providing proper notification.

Cyber liability insurance was created out of the need to transfer risk of potentially crippling loss and expense due to the increased oversight, scrutiny and legislation regulating the security of personal information.

Since technology is ever changing, transferring the risk to an insurance policy is a great way to help protect your operating budget and assets of your company, as well as give you access to experts who can help you in the event you have a breach. You should always read your policy and discuss with your agent. However, below are examples of some of the coverages available:

• Data Breach Liability – Claim for failure to protect private information.
• Security Breach Liability – Claim for failure of security controls (anti-virus protection, firewalls) to prevent data manipulation, transmission of malicious code and denial of service attacks.
• Defense of Regulatory Proceedings – Due to violations of federal or state laws regulating the protection of private information.
• PCI (Payment Card Industry) Fines & Penalties – Credit or debit card industry fines and penalties for inadequately securing payment card information.
• Data Breach Expense – Expenses incurred in responding to a data breach. Those expenses include notification and mailing costs, public relations, forensics and credit monitoring.
• Cyber Extortion Threat Expense – Extortion payments, expense to hire negotiators and rewards to catch extorters.
• Website Liability – Claims of libel, slander, invasion of privacy, plagiarism, misappropriation of ideas and infringement of copyright and trademark arising from the organization’s website activity. This includes social media, which is normally excluded under a standard general liability policy.
• Identity Theft – Credit monitoring and other personal expenses incurred by board members, owners or partners in resolving identity theft.
• Risk Management – Access to top attorneys versed in privacy litigation as well as service providers who are experts in data breach and identity theft and are ready to guide you through resolving your issues.

Data breaches are not going away soon and the issues are rapidly changing. Protecting businesses is more important than ever because, with cyber crime, it’s not if; it’s when.

For more information about they types of insurance available, contact Carl C. Dent, North American Retail Hardware Association (NRHA) Member Insurance coordinator. Dent can be reached at 704-237-8709 or nrha@memberinsurance.com.