Cyber attacks becoming big threat for small businesses

With lawsuits and hackers lurking, now’s the time for SMBs to explore coverage for liabilities

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Small and mid­size busi­ness­es are increas­ing­ly at risk for data breach class-action law­suits that typ­i­cal­ly have tar­get­ed large corporations.

Large com­pa­nies are learn­ing to address cyber threats. Hack­ers are respond­ing by set­ting their sights on SMBs. It’s sim­ply more pro­duc­tive and effi­cient to attack poor­ly pro­tect­ed com­pa­nies that could take weeks or even months to notice they’ve been breached.

Relat­ed pod­cast: Niger­ian scam­mers tar­get SMB pay­ment accounts

As the risk of expo­sure moves down­stream, the asso­ci­at­ed class-action law­suits sure­ly will fol­low. Sta­tis­tics from the Iden­ti­ty Theft Resource Cen­ter show that the num­ber of data breach­es report­ed in 2016 exceed­ed 2015 lev­els by 40 per­cent, a wor­ry­ing upward trend for those in the small busi­ness sec­tor who like­ly will bear a greater per­cent­age of those breach­es going for­ward. The data stores held by SMBs may be small­er, but they’re no less rich in val­ue to hack­ers. They con­tain finan­cial data, health­care infor­ma­tion and oth­er tan­ta­liz­ing per­son­al details.

Secu­ri­ty falls short

Unfor­tu­nate­ly, because SMBs often lag behind larg­er com­pa­nies in the sophis­ti­ca­tion and scope of their defen­sive mea­sures, they’re much more sus­cep­ti­ble to lit­i­ga­tion cen­tered on charges of neg­li­gence or a lack of due dili­gence. Expo­sures in the SMB sec­tor also could go unde­tect­ed for long peri­ods of time, leav­ing more records vul­ner­a­ble and increas­ing the size of the vic­tim pool that may be inter­est­ed in fil­ing suit.

Small­er firms’ respons­es to the risk of cyber attack and lit­i­ga­tion depend large­ly on their indus­try. Even the small­est health­care enti­ties are typ­i­cal­ly well adapt­ed to address poten­tial data breach­es and cyber risks. Long-stand­ing man­dates such as HIPAA—as well as a robust cen­tral­ized breach report­ing mechanism—have made com­pa­nies in the med­ical space a lit­tle para­noid about their heav­i­ly reg­u­lat­ed environment.

Behind the curve

Oth­er small busi­ness sec­tors aren’t as pre­pared for the risk of a breach. Out­side of health­care, the pro­fes­sion­al ser­vices indus­try, includ­ing legal and account­ing, is much less aware of where threats exist or which mea­sures should be tak­en to mit­i­gate them. Many small firms don’t under­stand their respon­si­bil­i­ties regard­ing data pri­va­cy or how data breach noti­fi­ca­tion laws apply to them. With­out a good aware­ness of data pri­va­cy con­cerns, oblig­a­tions and solu­tions, these busi­ness­es are easy tar­gets for any hack­er who hap­pens upon them.

Lit­i­ga­tion bills add up

Data breach class-action law­suits can result in mil­lion-dol­lar judg­ments, but dev­as­tat­ing costs may be incurred even if a set­tle­ment nev­er mate­ri­al­izes. A breached small busi­ness still needs to defend itself against lit­i­ga­tion, and that takes mon­ey. Between legal coun­sel, foren­sic inves­ti­ga­tions, data recov­ery and any oth­er steps the com­pa­ny may be required to take, they’re like­ly to incur sig­nif­i­cant finan­cial penal­ties no mat­ter which way the law­suit goes.

Some SMBs are real­iz­ing they aren’t pre­pared for a cyber attack. The tru­ly savvy ones are wak­ing up to the prospect that, just like the pro­fes­sion­al and employ­ment lia­bil­i­ty insur­ance they already have, it would be wise to pur­sue cov­er­age to defer defen­sive and recov­ery costs around their cyber lia­bil­i­ties. With the specter of more breaches—and more class-action lawsuits—coming down the pipeline, SMBs must find a way to min­i­mize the threat of expo­sures while also putting pro­tec­tive mea­sures in place should they find them­selves fac­ing litigation.

More sto­ries relat­ed to secu­ri­ty for SMBs:
SMBs must under­stand and counter new dig­i­tal risks
More SMBs let their guard down on cybersecurity
As work­ers move out of the office, busi­ness secu­ri­ty risks multiply