Target’s Breach Giving Small Businesses False Sense of Security: Insureon
According to Insureon, a national insurance provider for small businesses, since December 19, 2013, when news broke about the Target data breach, businesses outside the information technology sector have been less likely to seek cyber liability insurance.
In the months before the story of Target’s data breach broke, nine percent of non-IT the company’s applicants requested cyber coverage. In the months since, only five percent have. While the numbers themselves show that small business owners aren’t aware of the magnitude of the threat data breaches pose, the trend suggests they’re being misled by media reports about the nature of hacking events.
“The reality is that small businesses get hacked far more often than big ones,” said Ted Devine, CEO of Insureon. “But you’re not going to turn on the evening news and hear about the florist on the corner getting breached. You’re going to hear about Michael’s and Neiman Marcus and P. F. Chang’s.”
Devine added that assuming a business won’t be hacked because it’s small is like assuming a bully won’t steal another kid’s lunch money because there’s a bank on the corner. “There are small-time hackers, too,” said Devine. “And they’re going after smaller businesses.”
This misconception of data breach exposure has been documented elsewhere, too. Verizon’s 2014 DBIR Report notes that, while media reporting “makes quite a splash… from a frequency standpoint, [hacking] largely remains a small-and-medium business issue.”
While the trend in small business data breach preparation is largely bleak, there is one bright spot in the insurer’s data: while small businesses have been less likely to buy cyber insurance since the Target breach, they’ve been more likely to choose higher coverage limits. Before Target, 93 percent chose the minimum policy limit; in the months since, that number has shrunk to 85 percent.
The company recommended that small businesses revisit their exposure and their state data breach laws. Florida, for example, just passed a law that fines up to $500,000 for data breaches.
Source: Insureon