Noted researchers at Menlo Security released their State of the Web 2015: Vulnerability Report, which details just how common threats are online. The researchers scanned one million of the top sites to see how many were using unpatched software with known vulnerabilities. They found...
- 33 percent of the top websites are vulnerable to cyber attacks.
- 34 percent of sites were using technology with known problems.
But what does this mean for your clients?
We could fill this article with a dozen takeaways, but let's keep it simple: the odds are that some of your clients are using software or web services with vulnerabilities.
Estimating the Cost of Data Breach at a Small Business
The cost of a data breach is hard to tally because breaches are far-ranging and have countless long-term implications that could extend the cost for years. With that said, we'll do our best to come up with a number.
Here are some of the costs you'll have to deal with if a client is hacked...
- Damages from the breach itself. The National Small Business Association's survey found that small-business owners pay $8,700 on average for a data breach.
- Lawyers' fees. The national average billing rate for lawyers is $175 to $250 per hour. Even if you're not facing a lawsuit, you may want to consult with a cyber security lawyer to make sure you're in step with local data breach laws and other liability issues.
- Hours to resolve a data breach case. Most small business cyber attacks can be fixed within three days, but 23 percent will take longer, with some taking more than two weeks to fix.
Adding up the expenses, a small business data breach would probably cost between $10,000 and $20,000, with the potential for much more if you're sued.
Be forewarned: this number may underestimate the true cost of a breach. Breaches can have long-term side effects that are difficult to quantify.
How to Manage the Risk of Data Breaches and Be Prepared for the Cost
In the midst of all this talk about risk and the cost of data breaches, there is some good news: Errors and Omissions Insurance for IT consultants can cover third-party cyber liability.
Third-party cyber liability is the risk that a client will sue you over a data breach or cyber attack on their network, website, or customers' data. Whether or not you're responsible, a client can sue you for damages, so it's best to have a plan in place to cover those costs.
If you're sued, Errors and Omissions Insurance may cover legal costs, lawyers' fees, and damages that you may owe a client.
A Final Thought on the Cost of Small Business Data Breaches
As you know, security and updates might get put on the back burner as companies spend their IT budgets on non-security areas. Instead of improving data security, companies often focus on:
- Productivity improvements.
- Consumer-facing mobile apps.
- Other tech that produces revenue.
It's easy to understand why companies take this approach. But it puts you at risk. If there's something to learn from the startling number of vulnerabilities out there, it's this: IT consultants face an uphill battle.