If your clients are wary of investing in cyber security, all you need to do is give them one number: $24.7 billion. That's the amount of damages caused by cyber criminals each year. It's more than all other property crime combined.
So why don't businesses invest more in cyber security? Some business owners mistakenly assume that these losses only occur at big companies. But that's flat wrong. To understand cyber crime better, let's look at it on a smaller scale.
WFUV details how much cyber crime costs the state of New York, where 3,000 businesses of all sizes have been hacked over the last eight years. Nine hundred data breaches occurred in 2013 and cost New York businesses over $1 billion to investigate, repair security problems, and make amends to customers. These losses average out to an astonishing $50 per New York resident.
It all comes down to this: because businesses underestimate the cost and risk of a data breach, it's up to you – the IT consultant – to make sure you and your clients are protected from the financial losses that come with a breach.
5 Myths to Dispel about Data Breaches
How do you convince clients about the risks of a data breach? Start by making sure they understand the basics. Then dispel any misunderstanding they might have about data breaches. Let's look at five common data breach myths:
- Myth 1: Cyber criminals won't target small businesses. On this blog, we've recently shown how cyber criminals have changed their strategy, increasing the number of spear phishing attacks that target small businesses from 18 to 30 percent over the last two years (see "Re: Your Recent Spear Phishing Attack" for more details). The truth is, hackers don't care whose data they steal. If it's there for the taking, they'll take it.
- Myth 2: Hackers cause data breaches. This is an oversimplification. Malware and other attacks launched by cyber criminals cause about 44 percent of data breaches. But human error and accident cause 31 percent data breaches and system glitches cause 25 percent. In other words, hackers and cyber criminals cause less than half of all data breaches.
- Myth 3: There's nothing you can do to prevent data breaches. Wrong. As we saw in Myth 2, many breaches are preventable. They are caused when a client's employee makes a mistake or a company fails to use proper data security.
- Myth 4: Criminals wouldn't want my data. With more and more transactions and banking taking place online, criminals only need a few pieces of data to attempt identity theft against your clients or their customers. In fact, many state laws define a data breach as the loss of a combination of login information, address, or name. Clients don't even have to lose financial data for them to be legally required to report the breach to a state agency.
- Myth 5: Data breaches won't cost my business. The reality is that data breaches are really, really expensive. As we saw, New York businesses lose over $1 billion each year to breaches. But let's quantify that for a small business. The 2014 Cost of a Data Breach survey estimates that breaches cost $195 per lost record. If you lose 100 records, your estimated costs are around $20,000. Lose 1,000 records and you're looking at $200,000 in legal, IT, and other breach expenses.
Thought Experiment: IT Contractors Are Liable for Billions of Dollars of Property
Imagine you could be sued for car theft or fires at your client's office. You'd want to have insurance to cover these potential losses, right?
Now imagine IT professionals are liable for $24.7 billion each year in property losses. As an industry, information technology would be forced to insure against these losses. You'd invest in business insurance and require your clients to follow certain protocol to secure their property.
It's obvious that we're really talking about data breaches. A data breach can have a devastating effect of on a small business, costing tens or thousands of dollars in losses. So why don't small businesses exercise the same caution they would use to prevent theft and other property crime?
The technical aspects of data breaches confuse many clients. But the other reason is that many business owners simply don't understand how the costs of a data breach add up. If you client is hacked, they'll lose money because of…
- Lost sales revenue.
- Damaged reputation.
- Investigation costs.
- IT upgrades.
- Lost productivity.
- Identity theft lawsuits.
It's this onslaught of expenses that makes a data breach so costly for you and your clients. That's why many IT professionals invest in E&O Insurance, which covers data breach lawsuits.
If a client pays $100,000 in breach expenses, they'll likely file a lawsuit against your business seeking remuneration. E&O covers these and other professional liabilities. A typical E&O policy covers $1 million worth of legal expenses, effectively shielding your business from the high cost of data breaches.
For a free quote on E&O Insurance, submit an online insurance application.