Beazley Identifies Top Misconceptions That Leave Small Businesses Vulnerable to Data Breaches

FARMINGTON, Conn., Aug. 17 2011 /PRNewswire/ -- Recently released research reveals a high incidence of data breaches affecting small and mid-sized businesses.  According to a survey by the Identity Theft Resource Center ® of 226 security breaches(1), 44 percent of the victims in the first half of this year were businesses with assets of under $35 million, which lost in aggregate 3.6 million customer records.  Verizon's 2011 data breach report of 759 occurrences conducted in collaboration with the US Secret Service shows 63 percent of last year's breaches involved organizations with no more than 100 employees.(2)  

Beazley insures hundreds of small businesses for data privacy risks.  But most small businesses currently go without insurance coverage due to a variety of misconceptions about the scale of the risk and the scope of their existing insurance protections.

Jamie Orye, an underwriter who manages the US Private Enterprise/Small Business Technology team for Beazley, said: "Cyber criminals view small businesses as easier targets than their larger, more technologically sophisticated counterparts. They have limited resources to protect themselves, and with more modest incomes, these small businesses have more to lose."

Among the misconceptions frequently relayed to Beazley underwriters by small business owners or their brokers are:

• The cost of responding to impacted clients is simply a postage stamp per breached record.
• Our information is well-protected by our IT consultants.
• Our employees would not act maliciously and know how to protect our data.    
• Security breaches are covered by our general liability policy.

Orye urges small business owners to talk to their brokers to ensure their coverage extends to cover notification costs, which general liability insurance typically does not. Notification costs can be heavy as they must meet the standards prescribed by a bewildering array of state and federal laws.

Firms should also have resources available to conduct proper forensic investigations to ensure they notify clients only when needed. Orye gave a recent example of a professional services firm that had their server hacked. The firm spent $100,000 on notifying clients that their sensitive data – such as social security numbers - might have been exposed.  However, the firm later discovered none of the exposed data fell into this sensitive category.  

"Firms should also realize they may not be off the hook for a breach just because their data storage and management needs are outsourced.  They will need to find out if their IT service providers are covered for data privacy issues," said Orye.

An article titled "Top Misconceptions that Leave Small Businesses Susceptible to Data Breaches" provides additional details on this topic and is available on the Beazley website www.beazley.com/pe.

(1) idtheftcenter.org  7/5/2011

(2) http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2011_en_xg.pdf

Note to editors:

Beazley's Information Security and Privacy Liability insurance covers notification costs upfront when a breach incident occurs. It also provides coverage for both regulatory actions and claims made by consumers seeking damages that can result from an incident. Beazley Breach Response provides comprehensive service to notify and protect customers who have suffered a data breach.

Beazley plc (BEZ.L), is the parent company of specialist insurance businesses with operations in Europe, the US, Asia and Australia. Beazley manages five Lloyd's syndicates and, in 2010, underwrote gross premiums worldwide of $1,741.6 million. All Lloyd's syndicates are rated A by A.M. Best. Beazley's underwriters in the United States focus on writing a range of specialist insurance products. In the surplus lines market, coverage is provided by the Beazley syndicates at Lloyd's. Beazley is a market leader in many of its chosen lines, which include professional indemnity, property, marine, reinsurance, accident and life, and political risks and contingency business. For more information please go to: www.beazley.com

SOURCE Beazley Group