Small businesses are concerned about cyber crime for two reasons. First, their own businesses can be compromised by such events, possibly leading to financial losses and even temporary business shutdowns. Second, private information on their customers can be compromised, which can lead to, at worst, lawsuits by those customers, and, at best, loss of business from those customers.
Ponemon Institute (www.ponemon.org) reported in its "2014 Cost of Data Breach: Global Analysis" report that 43 percent of firms in the U.S. had experienced a data breach in the past year. Retail breaches, in particular, had grown in size and virulence over the previous year.
According to a PricewaterhouseCoopers LLP (www.pwc.com) survey, global cyber security incidents increased 48 percent, to 42.8 million this year, and the average loss for a large company rose from $3.9 million in 2013 to $5.9 million this year.
Recommended For You
In December 2013, it was announced that customer data from Target had been breached, to the tune of about 40 million cards being potentially impacted. In July 2014, data at JPMorgan Chase & Co. was breached, compromising information from 76 million households and seven million small businesses. In September, Home Depot reported that its data breach put about 56 million payment cards at risk. There have been many more breaches prior to this, and there will be more in the future.
If large organizations with hundreds of IT experts on staff are unable to prevent cyber attacks on their organizations, it is a foregone conclusion that small businesses are even easier targets. On the other hand, small businesses may be less likely to be the targets of major cyber attacks, given that the criminals involved in such attacks are seeking "gold mines" of customer data (such as credit card information) that are as large as possible, making large corporations the more likely targets.
Still, small businesses have reason for concern. While large, planned cyber attacks tend to be focused on large companies, small business information is still vulnerable, in that a large percentage of occurrences in which small business information is compromised is the result of owners or other executives of small businesses simply losing or having their laptops stolen.
The 2013 Small Business Technology Survey, released by the National Small Business Association (www.nsba.net), found that 94 percent of small business owners are very or somewhat concerned about cyber security, and nearly half of small businesses reported having been the victims of cyber attacks. "These attacks result in significant losses of time and service interruption, and typically cost these firms thousands of dollars," noted the report. "Among those whose banking accounts were hacked, the average losses were $6,927.50."
While small business owners are concerned about cyber security, the survey found that not all of them are knowledgeable about how to address the problem. "The overwhelming majority of small business are concerned with security of their IT and online properties, and, while the majority said they have a high to moderate understanding of cyber security issues, one in four said they have little to no understanding of the issue whatsoever," noted the report. "Underscoring the challenges facing small businesses, the majority say they handle cyber security issues internally, and more than one in three small business owners are the person primarily responsible for cyber security."
What can small businesses to do protect themselves from cyber attacks? Besides becoming more technologically knowledgeable and instituting more careful business practices, they can consider purchasing cyber liability insurance policies.
According to an October 9, 2014 article by Bloomberg (www.bloomberg.com), more insurers are becoming involved in the expanding cyber coverage (cyber liability) market, and sales are set to double this year, from about $1 billion in 2013.
Policies are designed to protect companies against lost revenue, lawsuits, and even damage to their reputations and/or brands. They cover electronic hacking incidents, as well as confidentiality breaches that result if a company doesn't properly dispose of paper files containing confidential information.
In specific, policies offer liability coverage in case lawsuits are filed over the security breach, pay for the costs associated with notifying all individuals who have been affected, and also pay the costs to provide credit monitoring services for those customers. Many also pay for regulatory fines or penalties that are levied against the company as a result of the breach.
The policies can be purchased as standalone policies, or in conjunction with standard E&O policies. In addition, while the policies were originally designed primarily for large companies, more and more insurers are tailoring policies specifically for small businesses.
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
