2011 /PRNewswire/ -- Recently released research reveals a high incidence of data breaches affecting small and mid-sized businesses. According to a survey by the Identity Theft Resource Center ® of 226 security breaches(1), 44 percent of the victims in the first half of this year were businesses with assets of under
, which lost in aggregate 3.6 million customer records. Verizon's 2011 data breach report of 759 occurrences conducted in collaboration with the US Secret Service shows 63 percent of last year's breaches involved organizations with no more than 100 employees.(2)
Beazley insures hundreds of small businesses for data privacy risks. But most small businesses currently go without insurance coverage due to a variety of misconceptions about the scale of the risk and the scope of their existing insurance protections.
, an underwriter who manages the US Private Enterprise/Small Business Technology team for Beazley, said: "Cyber criminals view small businesses as easier targets than their larger, more technologically sophisticated counterparts. They have limited resources to protect themselves, and with more modest incomes, these small businesses have more to lose."
Among the misconceptions frequently relayed to Beazley underwriters by small business owners or their brokers are:
- The cost of responding to impacted clients is simply a postage stamp per breached record.
- Our information is well-protected by our IT consultants.
- Our employees would not act maliciously and know how to protect our data.
- Security breaches are covered by our general liability policy.
Orye urges small business owners to talk to their brokers to ensure their coverage extends to cover notification costs, which general liability insurance typically does not. Notification costs can be heavy as they must meet the standards prescribed by a bewildering array of state and federal laws.