Symantec's study on data breaches, the 2014 Internet Security Threat Report, provides scores of useful and fascinating statistics on data breaches, including this shocker: July is peak season for data breaches.
As an IT professional, you look at problems analytically. No doubt, you've wondered about the number of data breaches that have actually affected small businesses. Most of the news coverage (if not all of it) covers data breaches at big businesses and retail outlets.
While stories about the Target data breach are fascinating, they don't paint the whole picture. One of the most useful things about Symantec's study is that it can give us a more complete understanding of when and how data breaches hit small businesses.
Why July Is High Time for Data Breaches
It might seem strange to say that one particular month is bad for data breaches, but the data shows that we're likely to see a rash of smaller data breaches in July.
On this blog, we warned about the tendency for hackers to attack retailers over Christmas and Thanksgiving, but there are actually more data breaches during midsummer.
It turns out that winter holiday data breaches tend to be larger with more lost records (presumably because hackers attack large retailers during the shopping season), whereas July data breaches tend to be smaller and more numerous.
Who knows why cyber criminals target smaller businesses in July, but they do. As we approach midsummer, now is a good time to re-educate your clients about cyber risks.
Data Breach 101: Teaching Your Clients Basic Data Security
How do you teach clients about data breaches? Start by clearing up some of these common misunderstandings:
- “A data breach is always caused by hackers.” Not true. While hackers and malware remain the most common causes of data breaches, making up 35 percent of attacks, they are not the only cause. In fact, 29 percent of breaches are caused by accidents (often attributed to employees not understanding proper security protocol) and 27 percent are caused by physical theft (e.g., a stolen laptop).
- “Data breaches cannot be prevented.” False. One of the reasons IT professionals are exposed to lawsuit risk is that data breaches are often preventable. That's not to say they are your fault. But data breaches caused by a client's error can actually be pinned on you for not educating clients or for not having adequate IT infrastructure in place to prevent employees from making mistakes. If an employee downloads a file to their thumb drive or sends work files via non-secure email, it could lead to a data breach lawsuit.
- “Small businesses don’t need to worry about cyber attacks.” Wrong. This week, we profiled spear phishing attacks and found that 1 in 5.2 small businesses is targeted in these malicious email campaigns. These numbers have increased 60 percent in the last two years. (See our article “It's not Just You: Data Breaches Are Getting Sneakier.”)
Lawsuit Insurance for IT Companies
Symantec's research found that the median data breach involved 6,777 exposed records. By using the Ponemon Institute's figures, which find that data breaches cost approximately $195 per lost record, we can estimate these median breaches cost over $1.3 million.
If a data breach occurs at your client's business – whether it's caused by an employee error or a cyber attack – they could sue you, looking to recoup the massive cost to their business and the revenue they've lost.
Errors and Omissions Insurance can cover IT professionals when they're sued for data breaches and other IT risks. E&O pays for legal fees and damages, protecting your business from the expenses that could bankrupt it.
Visit our IT Insurance sample quotes to learn more about the cost of small business insurance for tech companies.