Cybercrime is one of the fasted growing risks to businesses – even small businesses! The fact is 71% of hackers target small businesses because they are less likely to have effective data security measures internally. The average cost of a small business data breach is $86,500, causing many small businesses affected to have to shut their doors permanently.
Other reasons why your small business is at a higher risk is inadequate employee training on cyber attacks, disgruntled employees with access to customer’s personal information, and the high loss or theft of electronic devices such as laptops and cell phones.
All 50 states have laws requiring businesses to notify customers when their personal data has been breached and some states have requirements of small businesses to protect personal data before a breach can occur. KNOW THE LAWS IN EVERY STATE YOU DO BUSINESS IN….and if you sell a product on the internet, you should know the laws in ALL states. Effective September 1, 2018. Colorado enacted privacy and cybersecurity legislation that requires all businesses to implement and maintain reasonable security procedures, dispose of documents containing confidential information properly, ensure that confidential information is protected when transferred to a third party, and notify affected individuals of data breaches within 30 days. In addition, you must notify the Colorado Attorney General and credit reporting agencies depending on the number of people who may have been affected by the breach.
The law pertains to entities that maintain personal identifying information (PII), which includes a first initial or name and last name paired with a social security number, personal identification number, password, passcode, state issued driver’s license or ID card, passport number, biometric data, employer/student/military ID number, or financial information. Regardless of how you obtain the information or where you store it if you gather this type of data on your customers…YOU MUST COMPLY WITH THE LAW!
Now that you have heard the facts, what can you do? Well, the first line of defense is to get Cyber Liability Coverage. This coverage is often not included in your General Liability policy, and if it is, it may not be enough coverage for your exposure. Cyber Liability Insurance is a great defense both before and after an attack occurs. Beforehand, your insurance company can assess your current risk to an attack, provide training materials for you and your staff, and provide password protection assistance. First-party coverage provides you with notification to clients that their information was compromised, the cost of credit monitoring services for customers affected, crisis management and public relations campaigns to restore the reputation of your company, pay for data being held hostage in an attack, replacement, and installation of equipment damaged by the attack, and compensation for business income that a company was unable to earn while dealing with the fallout of the breach. Third-party coverage can pay the defense costs for a lawsuit filed against the company for breach of data as well as judgments, civil awards, or settlements your company is legally obligated to pay after a court requires it.
SO, why take on the risk yourself as a small business owner? Talk to your insurance agent today to get a quote for Cyber Liability Insurance and be in the know about state laws regarding Cyber security