The European Union this week announced a new law that will require companies in transport, health, energy, public administration, and Internet sectors to disclose any data breaches as they occur.
The introduction of this law is the latest sign of a global shift toward greater demand for cyber security products, Data Breach Insurance, and other risk management tools that help businesses minimize their exposure to cyber crimes.
Like many cyber risk management laws, however, the EU's latest measure comes only after a major data breach revealed how much damage cyber crimes can do to the European public. In 2011, a Dutch company that provides Internet security certificates was the victim of a major data breach; the hackers obtained fraudulent security certificates, which they passed off as the real deal.
Internet users saw the fake certificates, believed they were on safe sites, and shared sensitive information. The most shocking part of the incident, though, was that the Dutch company did not alert authorities once it realized its products had been compromised.
According to news sources, the incident caused a major crisis of trust in the Internet as a business tool - definitely not good news for tech firms that rely on online transactions for much of their revenue.
The new EU law means that companies will be required to report future data breach incidents as soon as possible, which will enable authorities to take measures to minimize the damages to potential victims.
Data Breach Reporting for Your Business
So what can owners of small technology firms learn from the EU's new policy? A few lessons on cyber crime policy:
- Data Breach Insurance is a must. If a major Dutch provider of online security certificates - a company whose business is to ensure safety online - can be hacked, so can you. While all businesses that maintain a website or offer Wi-Fi have some cyber liability exposure, tech firms tend to have a greater risk than others - and a greater potential for loss in the event of a breach. Your insurance agent can tell you more about what types of risks your company faces and how you can properly insure against them.
- Communication is key in the event of a breach. The temptation for many tech firms is to hide the evidence of any data breach that occurs. But ultimately, such a strategy will lead to lost trust from your customers when they eventually find out. A better strategy is to address the issue head-on, identify the steps you're taking to correct it, and explain how you will protect your clients' data and compensate them for any losses (which you can do with adequate Data Breach Insurance).
- The bigger picture is important. If you plan to run your business for the long term, it's important to keep the long view in mind as you handle a data breach. Spending extra time and money to fix problems and strengthen your defenses may seem like an unnecessary expense now, but if it wins you lifetime loyalty from a few clients, it could result in a major payoff.
For more about cyber liability, read "How Safe Is Your Data? Key Questions for Your Insurance Agent" in our blog.
Written by Brenna Lemieux - check her out at Google+ or Twitter