Data breaches at big corporations make for big headlines. It’s a familiar story: A corporation gets hacked or mishandles customer data resulting in millions in damages. While the threat may seem far from home, small and mid-sized businesses are growing targets for cyber crime. And there’s a lot at stake. In 2014, the mean annual cost of cyber crime per US organizations experiencing cyber attacks was $12.7 million.
Data Breach Statistics
By 2015, the average total cost of a data breach reached $3.79 million, an increase of 23 percent over the previous two years.
In 2014, the leading causes of cyber security incidents were:
- 29.4% Miscellaneous errors
- 25.1% Crimeware
- 20.6% Insider misuse
Unfortunately, businesses don’t always have a plan in place to handle a data breach or cyber attack. Acadia’s article Top 6 Cyber Security Tips For Businesses provides guidance to help protect your business against data loss and corruption. However, even the best cyber security measures can’t fully protect against data breaches because thieves have so many potential access methods. That’s why it’s critical to take precautions that mitigate the damage of a data breach. Here’s a few important steps to help protect your business:In a data breach, criminals sell or exploit information gained through unauthorized access to personally identifiable information—such as client lists. An attack can mean damage to your brand’s reputation, lost customers and big legal fees. Network intrusions, stolen credentials and hacking make up a large portion of breaches. Though, breaches aren’t always caused by criminals. Damage is also caused by employee errors, such as data privilege mistakes and improper document or equipment disposal.
1. Know your responsibility
When a breach occurs, by law most businesses are required to take specific actions to notify affected customers, clients and business partners about the incident. Failure to follow the regulations can result in penalties, sanctions and possible civil litigation.
2. Have a response plan
In the event of a security incident, performing a fast and effective response can make a major difference in mitigating the damage. These plans often include:
- Incident response to minimize the impact and fallout of a data breach
- Crisis management to rapidly handle a breach
- Notification to inform impacted individuals in accordance with regulations
- Media relations to help restore your business reputation
3. Consider getting insured
There are many different types of insurance programs in place to protect various aspects of cyber risk. Look for programs that include the following coverage or services in the event that personal data held by your business is breached, lost or stolen:
- Privacy breach response assistance for response and recovery activities to help you swiftly respond to a breach
- Expense reimbursement coverage – Reimburses costs including notification, monitoring, investigation, crisis management expenses, and legal fees, costs and expenses
- Cyber liability coverage – Provides financial protection and defense in the event that your business is sued for damages caused to a third party as a direct result of the breach
Whether it’s an attack from a criminal or simply employee error, there will always be risk from data breaches. Taking the right precautions can go a long way in maintaining a secure data environment. Don’t become your own headline. Know your responsibility, have a response plan in place and get insured to protect your business, your people and your customers.
Acadia Insurance is pleased to share this material with its customers. Please note, however, that nothing in this document should be construed as legal advice or the provision of professional consulting services. This material is for general informational purposes only, and while reasonable care has been utilized in compiling this information, no warranty or representation is made as to accuracy or completeness.
 “2014 Cost of Cyber Crime Study: United States” Page 2. Ponemon Institute, sponsored by HP Enterprise Security. October 2014.
 “2015 Cost of Data Breach Study: Global Analysis” Page 2. Ponemon Institute, sponsored by IBM. May 2015.
 “2015 Data Breach Investigations Report” Page 31. Verizon. April 2015.