As an IT professional, you've undoubtedly worked with clients who won't commit an adequate amount of resources to data security. Many small-business owners simply don't think it's worth the extra money for better security or necessary to strictly enforce data security protocol with employees. How do you convince them otherwise? If only there were a way to show clients how much a cyber attack would cost them. Oh wait! There is.
While analyzing the cost of cyber attack is difficult, new research from the National Small Business Association sheds some light on this topic. According to the NSBA's research, the average cost of a small-business cyber attack was $8,699.
Of the 845 surveyed small businesses, roughly half had fewer than six employees while most of the remaining survey participants had between 6 and 100 employees – which makes this new data relevant even for your smallest clients. Here's how rest of the research breaks down:
- 44 percent of small businesses had been the victim of a cyber attack (outages, stolen data, malware attacks, etc.).
- $6,927 was the average amount stolen from a bank account.
- More than 75 percent of business owners were unaware that commercial bank accounts are not protected from fraud in the same way that personal bank accounts are.
This last point is remarkable. Three-fourths of business owners mistakenly think that their bank will reimburse them when cyber criminals steal money from their account. While personal accounts get this protection, commercial accounts don't. If a cyber criminal steals money from a business's account, usually the business won't be able to recoup any of the loss.
Misconceptions like this are dangerous for the IT consultants who work for small-business clients. When a client underestimates a risk and is ill prepared for it, they're much more likely to sue you for their unexpected losses. Let's look at what an attack (and a lawsuit) could cost for an IT professional.
What Do Cyber Attacks Cost for IT Consultants?
While a cyber attack costs a typical small business around $9,000, that cost increases for you because you have to pay your own legal fees and a settlement or judgment (which typically includes other costs for reputational damages and breach-related expenses). If you work with larger businesses, expect to pay significantly more. (For free IT Errors and Omissions quotes, use our online insurance app.)
Remember that these are only the average numbers. Many cyber attacks are more expensive. You should note that this survey was only about "cyber attacks," which doesn't include data breaches caused by system malfunctions, accidental disclosures, lost devices, and other scenarios that can lead to more costly breaches.
Free Resources to Educate Clients on IT Risk Management
It's important to make sure your clients are adequately prepared. To help you, TechInsurance has recently launched a customer education guide. It's free and you can distribute it to clients to teach them about basic data security strategies.
TechInsurance's Small Business Guide to Identity Theft Prevention and Data Security outlines steps every small business can take to improve their data security. The guide includes:
- Checklists for what to do today, this week, this month, and this year to improve security.
- Data breach response guides.
- A guide to state data breach laws.
- Identity theft FAQs.
Certainly one of the reasons small-business owners underinvest in security and don't practice good habits is because they don't see the potential detrimental cost of a cyber attack on their business. Now that you know a typical cyber attack costs $9,000, you'll be able to give small-business clients an actual number to help them make informed decisions about their cyber security.