Midsize Firms Targeted by Data Thieves

While most every company has a virtual warehouse of information which is attractive to hackers, they often avoid those with lots of security.  According to a study by the U.S. Secret Service and Verizon Communication, of the 761 data breaches investigated in 2010, 63% occurred at companies with 100 or fewer employees.  A separate survey by Symantec from the same year found that “73% of small and midsize companies experienced a cyber attack in the past year, and that 30% of the attacks were ‘somewhat/extremely effective.’”

Hackers typically seek one or more of the following when they gain access to a company’s network:  bragging rights, access to trade secrets or other proprietary information, and access to customer and employee information.  Smaller companies, therefore, need to protect information on its products, plans and people.

While protecting valuable information may seem expensive, the costs following a data breach are significantly higher.  One data security research firm estimates that it costs companies “more than $200 per compromised record.”  Multiply that by 10,000 customer records and the results can be catastrophic for a midsize company.  Perhaps more costly is the reputational harm.  Companies risk losing not only the customers affected by the breach, but other current and future ones.

How can companies protect their information?  First, write up a data security policy and stick to it.  Also, beef up security with firewalls, anti-virus and intrusion detection systems. Routinely upgrade the software with patches provided by the vendor.  Most importantly, invest in Cyber Liability insurance.  Not only does the insurer absorb the risk, but should a breach occur, they know exactly what needs to be done.  Please call us for details.

From Business Insurance, October 3, 2011 issue, pp. 14 and 16.