The surprising cyber risks facing your small business clients

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.ibamag.com/news/cyber/the-surprising-cyber-risks-facing-your-small-business-clients-28225.aspx

When many business owners think of data breaches, they think of malicious
hacker collectives going after Fortune 500 companies. And that image can
lead to a risky assumption: that smaller businesses don’t face a high
enough risk to make cyber liability insurance worth the money.

The assumption is so widespread that a January survey from Aviva found that
as many as 44% of businesses believe they are unlikely to be subject to
cyber loss.

In reality, the idea of a “hacktivist” group trying to sew chaos for big
corporations – while not necessarily inaccurate – is only a small facet of
cyber risk, says John Novak, senior vice president for Guy Carpenter.

“Small businesses often say, ‘I have a website and a mobile phone and
that’s it.’ I have no cyber exposure,” said Novak, a 23-year insurance
veteran who has worked with cyber products since 2009. “But in reality of
course, cyber policies really cover what happens when you lose personally
identifiable information, and that can happen in an electronic format or
paper file, through nefarious activity or error.”

For small- to medium-sized businesses (SMBs), that accidental exposure is
most commonly brought about by employees. Whether through malicious
activity or error, workers continue to be the biggest source of cyber loss
for smaller companies.

“One SMB had an employee who was laid off and then grabbed sensitive
customer information in order to file fraudulent tax returns and intercept
tax return money,” shared John Novak, senior vice president with Guy
Carpenter.

Fraudulent wire transfer requests, downloading infected files and sending
unsecured or unencrypted data to a publicly accessible cloud are also
common sources of cyber loss, Novak said. Even lost or stolen laptops – and
lost or stolen paper files – can lead to significant losses for small
companies.

And as for cyber crime? SMBs are not fully secure there, either, says
Melissa Ventrone, an attorney and chair of the data privacy and security
team with Wilson Elser Moskowitz Edelman & Dicker LLP in Chicago.

“Smaller businesses believe they are safe from attacks because they’re not
an attractive target. It couldn’t be further from the truth,” said
Ventrone. “SMBs are perfect for targets for hackers because a lot of them
lack resources necessary to combat cyber risk. Large corporations have the
budget – small ones don’t.”

SMBs that outsource IT function are also at risk from a vendor perspective,
as many do not have monitoring tools to determine what happened in the
event of a breach. This makes them “low-hanging fruit” from the perspective
of a hacker, Ventrone says.

Luckily, a solid cyber insurance policy covers most of these scenarios.
Expenses racked up from forensics or from notifying affected customers are
often covered by the insurer, as well as options for attorneys or public
relations resources if needed.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Need access to data breach details or alerts when new breaches happen? Risk Based Security's Cyber Risk Analytics 
portal, fueled by the RBS breach research team, provides detailed information on how data breaches occur and which 
vendors to trust. Contact us today for a demo.