While sitting in my doctor’s office, I started thinking, “What if?” What if the doctor’s computer network were hacked tonight? Does he have knowledgeable I.T. staff protecting the sensitive personal information in all those patient files, including mine? I could end up having to chase my identity. I would have to monitor my credit report, get new credit cards, change my banking accounts. Wouldn’t that be a hassle? What my weird insurance mind thinks of occasionally!
While you’ve likely heard the terms cybercrime, data breach or identity theft, I’ll bet you didn’t know October is National Cybersecurity Awareness Month! Business owners should take this opportunity to learn more about cybercrime and the potential expenses they could incur if their computer system is hacked. The smaller the business, the smaller the I.T. staff (if any) taking care of the computer issues. It may even be the owner handling it themselves.
Every business has an exposure to data breach, some more than others. Doctors and dentists store personal information on each patient. All retail stores, including restaurants, have personal data from the credit cards their patrons use. Any business with a website taking orders from customers is a potential victim. Each of these businesses maintains sensitive data that a cyber thief would love to get their hands on. It’s money in their pocket.
And it’s money out of your pocket. Easily quantifiable post-breach costs can arise from:
- Customer notification: $1-2 per person.
- Consulting help for forensic research and data recovery: $250-300 per hour.
- Credit monitoring subscriptions: $10-20 per person.
- Credit card reissuance fee: $20-30 per card.
- Legal fees: $400-600 per hour.
- Information hotlines for customer support: $5+ per call.
Additional costs which are difficult to estimate:
- Public relations activities: cost varies widely.
- Technology changes and staff training: potentially thousands of dollars.
- Reward expenses: thousands of dollars.
- Extortion demands: impossible to predict.
- Replacing stolen funds or securities: impossible to predict.
Ponemon Institute’s 2010 annual study estimates an average post-breach cost of $214 per record.1 Can you afford that cost? When you weigh the costs of a data breach against what you might pay in insurance premiums, it does seem an easy decision to purchase insurance for these types of losses. Many companies offer cyber liability or data breach insurance coverages. Check with your independent agent to see what they recommend for your data breach exposures.
And since its National Cybersecurity Awareness Month, why not take the opportunity to learn more about this threat to your business. StaySafeOnline.org has lots of great information to help you protect your business, as well as yourself, online. What steps do you take to prevent data breaches in your business?
1 Ponemon Institute LLC “2009 Annual Study: Global Cost of a Data Breach”, a benchmark study sponsored by PGP Corporation, January 2010.