Data breaches aren’t limited to big companies like Target – compromises can happen to the data of individuals in any sized company. As of January 1 2017, all businesses will be required to notify individuals when personal data has been compromised or acquired in an unauthorized breach. This law was already in place for unencrypted data but now is now expanded to include encrypted data. If your website uses a secure (HTTPS) connection for some transactions, that counts if a hacker intercepts that data.
California has always had a significant data breach law which presents challenges for small businesses and any employers. Many small businesses aren’t even aware of their obligations under the law, and small businesses are increasingly being targeted because the chance is smaller business equals lower security. AB 2828 takes this a step further by requiring any data breach be reported to those affected. Whether through phishing emails, malware transmitted through compromised web ads or other hacking methods, the likelihood of a data breach goes up enormously. Notification and response costs can be around $200 per individual compromised. Standard general liability insurance does not cover these costs, and dedicated cyber coverage is needed.
Cyber insurance can provide coverages for both your business and your affected customers or employees. A good policy will provide response costs in the form of public relations, notification to affected individuals, and credit monitoring services for each person affected. The policy should also provide for payment of ransom in the case of ransomware infections, costs to retrieve lost data and costs to fix the security breach and try to trace its source.
Insurance isn’t the only solution. Additional steps include encrypting your data and securing your computers with firewalls. An incident response plan is immensely useful to identify exactly what steps you should take when a data-breach happens, as well as company policies on who can access what kind of data in your firm. 1st Community Insurance can provide you with a quote for cyber insurance and provide your business with some sample policies and procedures to help limit your cyber exposure – or, at least, have a plan ready for when it happens.