Data breaches at large companies continue to dominate the headlines, breaches involving smaller businesses are also on the rise. According to a 2011 report from Verizon Business of more than 760 data breaches analyzed in 2010, nearly two-thirds involved businesses with fewer than 100 employees.
55 percent of small businesses in the United States have had a data breach, almost all involving electronic records, and 53 percent had multiple breaches. However, only 33 percent notified the people affected, even though 46 states require that individuals be contacted when their private information is exposed.
The primary causes of the data breaches were employee or contractor mistakes; lost or stolen laptops, smart phones and storage media; and procedural mistakes.
Sensitive information is more likely to be compromised when the data has been outsourced, 70 percent of the respondents believe, but 62 percent do not have contracts that require third parties to cover all the costs associated with a data breach. Seventy percent of small business owners said they would purchase insurance to help pay for the costs if data is breached.
At least 85 percent share customer and employee records with third parties such as those providing billing, payroll, employee benefits, web hosting and information technology services. When asked which type of lost or stolen data was more likely to harm their business, 70 percent agreed the loss of personally identifying information was more damaging than confidential company data.
The Hartford’s data breach coverage includes:
- First party coverage for response expenses, including legal and forensic services, notification expenses, crisis management and good faith advertising expenses; - Third party coverage for defense and liability, including defense costs, civil awards, settlements or judgments that an insured is legally obligated to pay; - Access to a secure breach preparedness website that offers tips and guidelines for safeguarding customer, patient and employee information; preparing a data breach incident response plan; and regulatory requirements by state; - Consultative services, including help with breach notifications and credit monitoring for victims of identity theft or fraud, if warranted.
The Hartford provides the breach preparedness resources and consultative services.