No Business Is Too Small for Cyber Criminals

Any size business can fall victim to a cyber-attack.

Data breaches make the news when big retail chains get hit with a cyber-attack. You may even be notified of the breach by the retailer if they have reason to believe your data was compromised. Or you may read about data breaches when you receive a new credit card or are offered identity theft protection.

What you might not hear about are the cases where a business owner goes bankrupt after a data breach. A study by the National Cyber Security Alliance found that 60% of small to midsize businesses that suffered a breach went out of business within six months.

First Line of Defense

Your first line of defense as a business owner is to educate yourself on how to prevent or mitigate a breach. Follow news reports and take advantage of online materials available to help you prepare for and respond to cyber-attacks.

Second Line of Defense

Your local independent insurance agent could be your second line of defense, providing information about Internet exposures and insurance products. Any business that handles private information is at risk of breach and subject to cyber exposure. Private information includes personal identifiers (Social Security numbers, birth dates, driver’s license numbers, etc.), financial information (bank or investment accounts, credit cards, etc.), medical or medical claim history, employee personal data or student records.

Companies that use third parties to process their transactions or record keeping, such as payroll, employee benefits or billing, also have the potential for cyber loss. Consider the possibility of that third party experiencing a data breach where you might be ultimately responsible for the breached records.

Why Buy Cyber Insurance?

Cyber insurance can reimburse for expenses incurred such as:

• Breach notification law compliance – 47 states have data breach notification laws that include an obligation to notify those whose information has been breached and certain federal laws, such as HIPAA, may also require similar notifications.
• Breach response costs – for example, notifying and providing services to affected individuals.
• Opportunity costs and out-of-pocket expenses involved in resolving identity theft problems for business owners and customers.
• Damage to the business computer systems and data due to unauthorized access, hacking, malware or denial of service attacks.
• Remember, data comes in all forms, paper and electronic, and business owners need to protect data to manage risk.

More Information

• Cincinnati Insurance Small Business Insurance
• The Federal Communications Commission series of tips for small businesses
• The Federal Trade Commission’s guide for business security

This loss control information is advisory only. Not all exposures are in this article. Contact your local, independent agent for insurance coverage advice and loss control information. Neither The Cincinnati Insurance Company nor its affiliates or representatives offer legal advice. Consult with your attorney about your specific situation.

The selection of a particular service provider is the independent choice of the policyholder. Service providers are not affiliated with The Cincinnati Insurance Companies. Cincinnati and its employees make no warranties and assume no liability for services, products or loss control measures provided by service providers.