Data breach insurance offer shows how high risk has grown for SMBs

Your company may be too small to hit the average $7.2M per breach, but the cost scales down.

So far there aren't any TV ads with cute geckos or annoying talking ducks trying to humanize the business of betting on the disasters in other people's lives, but business-insurance companies are starting to sell more policies insuring against losses due to hacking and digital espionage than they did before.

The Hartford just announced a data-breach add-on to its mainstream Spectrum business policy for small business owners – one of the first attempts to offer insurance for data breach to companies previously considered too small to worry about such high-falutin' dangers.

Charming as it seems that The Hartford would be concerned about the safety of small businesses, insurance-company actuaries are the ultimate buzz-kill for people who think the obvious risks to everyone else somehow won't affect them.

Insurance companies play the odds better than Vegas bookies; if they're starting to offer insurance to protect small business from hacks, you can bet the likelihood and potential cost of attacks has gone way up, even for SMBs.

A survey released this year from Verizon Business estimates almost two thirds of the 760 data breaches recorded in 2010 involved small businesses.

The data-breach portion covers lawyer fees, penalties, awards from lawsuits and other liability expenses. It also offers ways its customers can bring their security up to speed with regulatory requirements so their security problems won't be their own failure to prepare.

Data breaches – or at least the awareness of them and their cost – hit an all-time high this year.

The cost didn't drop either, of course.

The average cost of a corporate data breach went up five percent between 2009 and 2010, from $6.8 million to $7.2 million.

On average, every file you lose to a hacker or insider will cost you $214, according to 2010 figures from The Ponemon Institute.

Network World posted a cute data breach security quiz to see how much you know about the kind of data breaches that have caused companies like RSA, Sony, Citigroup and others to bleed money, let their reputations droop, lose credibility and increase their potential for public ridicule by script kids.

The Hartford's SMB version is a little thin compared to other data-breach policies, which cover things like the cost of forensic investigation afterward, cost of notifying customers who are now potential victims, the cost of credit protection programs and crisis management.

Think it can't happen to your small business, or that, if it does, the loss of reputation won't be that big a deal?

Do a quick search on the company name "HB Gary" and "LulzSec" and think again about that.

Not everyone agrees data-breach insurance is necessary, or at least that there aren't other issues to think about before paying for a sense of security you may not need and protection you may not get.

Between hackers trying to break in and regulators offering fines and penalties if you don't make your firewalls high enough, there is enough potential downside to spend a little time on the cost/benefit.

Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.
