M-F 8:00AM TO 5:30PM CST
Better coverage. Better price.
Don't Risk IT
IT Professionals: Even with Great Tech, Companies at Risk

IT Professionals: Even with Great Tech, Companies at Risk

Over 60 percent of IT pros admit that their organizations don't have data breach response plans. Here's why your clients' lack of preparation can put you at risk.

Thursday, May 28, 2015/Categories: cyber-liability

If you ask tech departments around the country, many will admit that even with renewed efforts to secure their organization's technology, they're at risk of data breaches and security incidents.

An EiQ Networks survey of 168 IT professionals found that most companies admitted they weren't well prepared. What's the deal? Let's look into the numbers to see why cyber risks aren't going away.

Survey: Most IT Departments Are Underprepared for Cyber Attacks

Here's what the research tells us about why IT departments aren't prepared for a cyber attack:

  • 62 percent of IT professionals noted there was no process in place or only a partial process to protect the company.
  • 72 percent said their organization wasn't prepared for advanced persistent threats (APTs).
  • 71 percent said they weren't confident new anti-intrusion and security software would be able to stop APTs.

The reason for these security problems may not surprise you. You're used to companies giving you a minimal budget to get the job done. Unfortunately, when budgets are tight, security often suffers cuts. Businesses won't sacrifice functionality and productivity, so security ends up on the chopping block.

As we discussed in "Report: 70% of Last Year's Data Breaches Should Have Been Prevented," this lax approach means companies fail to update their software, institute adequate training, and take other basic measures that can prevent breaches.

1 in 8 IT Professionals Say a Cyber Attack Would Ruin Them

It can be hard to estimate the cost of a data breach with any accuracy because there are so many unpredictable factors – reputational damages, legal costs, IT repairs, etc. – that will vary based on the size of the data breach and the type of data that was lost.

One way to assess the cost of a breach is to ask IT professionals about the impact one would have on their company. 13 percent said a cyber attack would devastate their organization's finances.

That means one in eight companies admit that despite the resources they've invested in data security, their company might not survive a data breach. Why is that?

As you may know, breaches are expensive. It's helpful to think about breaches the way you would a fire or a theft. If a fire burned down your client's office and they didn't have insurance, they'd have to pay for these costs out of pocket. The expense might be more than they can handle.

Why the High Cost of Data Breaches Puts You at Risk

If a client's software is unable to stop an advanced persistent attack (or even a basic phishing scam), the IT contractor who installed the software or oversaw the client's technology could be sued.

Because breaches are so costly, clients may sue their contractor in order to cover their expenses. That puts you at risk and means you need to have a plan to cover this financial danger. You should consider…

  1. Having your clients invest in Cyber Liability Insurance. Just like your clients have Property Insurance to protect their company from the cost of fire or theft, Cyber Insurance may pay for many of the costs that come with a data breach, including repairs and customer notification.
  2. Getting IT Insurance (Errors and Omissions Insurance) for your business. E&O Insurance (also called Professional Liability Insurance) may pay for lawsuits when clients sue you over problems with your software and IT work. Getting E&O Insurance may offer you financial protection for the cost of lawsuits.
  3. Educating your clients. Many companies simply don't know much about data security. How many times have you been asked about anti-virus software? Your clients may not know how to prevent breaches with good habits and better data management. See our customer education packet for free resources you can share with clients to teach them about their data security.

While the ideal cyber risk management would take this kind of multi-pronged approach, you can't control your clients' attitudes and willingness to spend on security. But you can control your own risk exposure. Even if your clients skimp on security, by investing in E&O Insurance, IT consultants can get some peace of mind and know that if they're sued, E&O may offer coverage for the high cost of data breach lawsuits.

The Small Business
Insurance Leader
800.688.1984 | 8 am - 5:30 pm CST | M-F
Customer Rating 4.9 out of 5
Read Customer Reviews


The Small Business Insurance Leader