Oct 2, 201308:56 AMOpen Mic
Send us your blog for consideration!
Cyber liability: Not just for technology businesses anymore
(page 1 of 2)
Our IT manager recently ran a list of attempted hacking breaches on our server. The results astonished me: a 60-page, single-spaced report listing all of the attempts … just in a 24-hour period!
Up until recently, the most significant risks that a business faced were related to bodily injury or property damage. For many businesses, all the data about employees, vendors, customers, and operations has created an even larger loss exposure.
Unfortunately, because of the size of their businesses, many business owners do not believe they are targets for cyber-criminals — when just the opposite is true. While many larger businesses have improved their network security systems, many small and medium-sized businesses are unaware of their vulnerability and have not taken the steps to properly protect themselves. In fact, from 2011 to 2012, the share of cyber attacks on employers with fewer than 250 employees increased by nearly 200% (moving from 18% of all attacks in 2011 to 31% in 2012), according to the 2013 Symantec Internet Security Threat Report.
Regardless of industry, every business is required to protect personal information, and it’s difficult to think of any business that doesn’t have some sort of personal information saved. For some organizations, such as health care providers, financial institutions, and educational institutions, the duty of care can increase. In its most basic sense, personal information is a person’s first and last name — or a first initial and last name — combined with any one or more of the following:
- Social Security number
- Driver’s license number
- Financial account number
- Biometric indicator
To examine how even a small business can have significant exposure, let’s consider a local sandwich shop that completes 300 credit card transactions per week. Now imagine that a cyber-criminal hacks into the shop’s computer system and steals a copy of every credit card transaction for the past year — about 15,000 records. How much exposure does the shop have?
According to the Ponemon Institute, the average cost of each compromised record is $214, so the sandwich shop would have a loss exposure of more than $3.2 million. By the way, the Ponemon Institute only includes the costs of notification and lost goodwill to the business — not any resulting damages/losses experienced by the compromised individuals.