Data breaches can cost small businesses in a big way. From losing money and information to losing the trust of your customers, data breaches affect small businesses in a variety of ways.
As bigger businesses improve their defenses against these breaches, small businesses are left more vulnerable to attacks. A recent question-and-answer session with Valorie O'Shoney of specialty insurance provider Beazley Group gives small businesses an idea of just what a data breach can do to their company.
Q: What is typically the greatest direct cost associated with responding to a data breach?
A: For many companies, the lion's share of response costs comes from the duty to notify those whose data has been breached or potentially breached. All told, small businesses can face an estimated $200,000 in costs associated with breach-response services. This includes requisite activities like creating contact databases, retaining outside experts, postal expenditures, and determining regulatory requirements. Currently, 46 states have specific requirements for the notification process; certain industries are subject to additional regulations as well.
Q: Are response costs generally less for a smaller business than a larger one?
A: Not necessarily. For example, one of the first expenses any company faces — hiring a forensics expert to determine the size and scope of a breach — can range from $10,000 to $100,000, whatever size the business. Moreover, small businesses typically have fewer internal resources and less expertise to handle a breach response, so they are more likely to have to pay outside experts such as attorneys, consultants, crisis management and public relations professionals to assist.
Q: What other direct expenses can a business expect after a breach?
A: Once customers are notified that their information has been breached, they are understandably concerned and upset. Damage control is critical to mitigate the impact of a breach both on the victims and on the business' reputation. Consequently, it has become standard for businesses that suffer a breach to set up a call center to handle questions and issues that arise post-notification and to provide services such as free credit monitoring for victims.
Customers who are very upset and suffer financial repercussions from the breach may want to sue. In that case, you can add additional fees to hire an attorney to review the case, legal fees if a claim is involved and even legal liability damages to the cost of a data breach.
Q: What are the indirect costs associated with a data breach?
A: It's cheaper to keep old customers than to acquire new ones. And customer turnover and other lost business expenses are major drivers of data breach costs, according to the Ponemon Institute. In addition to abnormal customer turnover, lost business costs can include the price of acquiring new customers via increased marketing efforts, as well as reputational losses and diminished goodwill.
Q: How can small businesses mitigate the costs of a data breach?
A: Privacy and security liability insurance has evolved to support small businesses by addressing the multiple facets of a data breach incident, now combining legal liability insurance with coverage and services that make responding to an incident with proper notification, credit monitoring and reputation management all turnkey.