Security and data breaches don't favor one organization or industry over another and are taking place every day. Companies should consider the "how" of a breach -- as opposed to the "who" -- to evaluate their exposure to a similar event.
Retail operations remain a target to hackers due to the volume of information in their systems, including credit card information, confidential information for loyalty programs, and employee data. The victims of these attacks are an organization's most valued assets: their employees and customers.
Until recently, many thought data risk was trivial compared to other threats such as theft, slip and falls, and workplace violence. But with data compromise occurring at much greater frequency, it's one risk you don't want to underestimate. Reputational harm stemming from a poorly managed data breach can be catastrophic.Five myths you can't afford to believe
1. Data theft is not a problem for me -- my company is too small. Data privacy is a concern for organizations of any size. Rogue employees, data thieves, and unscrupulous business associates are looking for opportunities to take advantage of any weakness or mistake. Additionally, human error by negligent or careless staff account for a surprising number of data breaches around the country.
2. We can afford to self-insure the risk. As the economy continues to recover, companies are still closely watching discretionary spending, including certain lines of insurance coverage.
Many organizations wrongly believe that if something happens to their data, they can afford to cover the costs. According to a recent Ponemon Institute study, the average cost for a small breach of 1,000 records could easily exceed $200,000 -- a sum that many companies cannot easily absorb.
Remember, the majority of funds to respond to a breach need to be liquid. Breach vendors typically look for payment before or at the time service is rendered, and payment for postage is required when the letter is mailed, not 30 days later.
3. Coverage is expensive and hard to get. This perception was true five years ago but is not true today. Competition, claims experience and a larger pool of buyers have made network security and privacy liability coverage more cost-effective and easier to obtain.
Even with the recent proliferation of retail breaches, the market remains relatively stable. Some carriers, however, are more cautious when reviewing risks with a large volume of credit card data.
4. Our general liability policy will cover us. General-liability insurance covers bodily injury and property damage as well as advertising injury and personal injury. The courts have consistently stated that data are not property because they are intangible. The perils associated with advertising injury and personal injury are very specific.