Two major grocery store companies and now UPS have reported data breaches within the past week. AB Acquisition - which owns Jewel-Osco - and Supervalu Inc. - which used to own Jewel Osco - both announced that customers' credit and debit card payment information may have been compromised (see link to find out if you may have shopped during the time of breach and for number to call). Just yesterday, UPS announced that a computer virus was found on systems of 51 stores in 24 states, possibility compromising the data of roughly 105,000 customers.
They add to the growing list of companies falling victim to hackers. This past Christmas, Target reported that the personal information of more than 70 million customers had been stolen. For Target, the total expenses from claims were $148 million in actual and potential breach-related claims. Fortunately Target had carried a cyber liability policy to help offset the damage. It's unclear what the consequences of AB Acquisition, Supervalu, and UPS' data breaches will be, but they shine yet another light on the increasing importance for companies to carry cyber liability insurance.
And it isn't just large corporations that are at risk. If you own a small or midsize business, you are just as vulnerable. You might not have a $148 million in claims, but then it probably doesn't take that much to put you out of business. For every high-profile case there dozens of local restaurants, liquor stores, dentist offices, municipalities, moms and pops retailers that are exposed to data breaches. In 2012 one out of every three data breaches investigated were from companies with fewer than 100 employees.
It isn't just hackers that you have to worry about either. A report published on July 4th in the L.A. Times told the story of Silversage Advisors, a financial management firm in Irvine California, who filed a data breach claim after burglars broke into their building, cracked open a safe bolted to the floor and took off with financial records of hundred's of the firm's clients. The same report (which I highly recommend reading to get a better grasp of just how prevalent this problem is) noted the following staggering statistic.
"Many small firms know little or nothing about cybersecurity, according to the National Small Business Association, despite the prevalence of data thefts. The trade groups reported that 44% of respondents to a survey last year had been victims of at least one cyberattack, with an average $8,699.48 cost for each breach."
The fact of the matter is that as the world becomes more and more digital, businesses are in possession of more and more intangible property that traditional property insurance or general liability insurance policies do not cover. Data loss, loss of revenue due to virus or worm forced system shut downs, loss of revenue due to server overloads, intellectual property and patent suits, virus, worm, or Trojan horse damages are all examples of things not covered in standard property or general liability policies. Cyber liability policies are designed to provide coverage for these aforementioned exposures.
Unfortunately, even with the proper coverage your bottom line doesn't always come away completely unscathed when a data breach occurs. Per state requirements, companies must notify customers of data breaches. The very thought of their personal information being stolen can cause trepidation among even your most loyal customers. It's also not uncommon for customers to take to the internet to write a poor review about your business. So while cyber liability coverage can mitigate your business' losses exponentially, there are also certain steps that owners should take to prevent data breaches from happening in the first place.
Small business owners in particular often leave expose themselves to potential breaches by browsing the internet and social media on the same computers that they use for processing financials and choosing not to purchase anti-virus software. Keeping a designated computer strictly for processing financial data and purchasing anti-virus software are just two things business owners can do to help prevent a data breach in the first place. Here are nine more:
- Secure sensitive customer, employee or patient data.
- Properly dispose of sensitive data.
- Use password protection.
- Control physical access to your business computers
- Encrypt data.
- Keep your software and operating systems up to date.
- Secure access to your network.
- Verify the customer controls of third parties.
- Train your employees.
Tips provided Via The Hartford. For elaboration on these tips, click here.
Photo via Reuters.
