
Is Your Business Prepared For the Cost of a Data Breach?

Although an overwhelming majority of small and mid-sized companies (86 percent) care about keeping customer credit card information secure, nearly two-thirds of them (60 percent) are clueless about their liability when customer data goes missing, according to a recent research study. Equally alarming, even more of them (64 percent) believe that their business is not at risk.

The survey showed that there’s significant confusion among retailers about the liability costs in the event of a data security breach. More than 60 percent of smaller merchants don't realize that credit card companies are authorized to fine their business a per-card fee for every card that has to be cancelled if it is determined that their company is the source of the data breach.

According to another study, the average cost for merchants coping with data breaches in 2009 rose to $6.7 million, with the cost per breached customer record estimated at $204.

The retailers surveyed by the National Retail Federation and First Data, an electronic payments processor, were not much better prepared when it comes to taking precautionary measures. While two-thirds (66 percent) of them claimed to be aware of the Payment Card Industry Data Security Standard (PCI DSS), only about half (49 percent) had completed a self-assessment at the time of the survey.

Among those who had heard of PCI DSS, 42 percent didn’t know that merchants are obligated to conduct the self-assessment annually and 41 percent hadn’t heard of the recent change in the regulations.

More than 4 percent of the companies surveyed said they had been a victim of one of the types of fraud listed in the survey, which included physical theft or tampering with terminals, computer viruses and employee theft or misuse of credit card data. Although the percentage is low, it equates to a potential one million small businesses being affected. According to figures from the federal government, there are approximately 24.6 million small businesses currently operating in the U.S.

“The finding we found most intriguing was the confusion around the potential liabilities in the event of a data breach,” said First Data’s Mark Herrington. “We’re confident that continued education in the payments industry will raise awareness of the importance of annual self-assessments and the right mix of data security and fraud prevention tools.”

Reach BusinessNewsDaily senior writer Ned Smith at nsmith@techmedianetwork.com. Follow him on Twitter @nedbsmith.

Ned Smith

Ned was senior writer at Sweeney Vesty, an international consulting firm, and was Vice President of communications for iQuest Analytics. Before that, he was a web editor and managed the Internet and intranet sites for Citizens Communications. He began his journalism career as a police reporter with the Roanoke (Va.) Times, and was managing editor of American Way magazine and senior editor of Us. He was a Captain in the U.S. Air Force and has a master's in journalism from the University of Arizona.