When it comes to hackers stealing confidential client information, most people think of their primary targets as mega-corporations; banks, credit card providers, online retailers, and so forth. (American Express, MasterCard, and Sony come to mind.)
However, more than half of small and midsize businesses have experienced at least one data breach in the past year, according to a recent nationwide study by the Ponemon Institute. What’s more, only 33% of surveyed companies suffering breaches notified affected individuals that their personal information was ever at risk – despite laws in 46 states that require such notification.
The primary causes of these breaches were employee or contractor error, lost or stolen laptops or smart phones, and procedural mistakes, according to the study commissioned by the Hartford Steam Boiler Inspection & Insurance Co.
The survey also found that:
- Nearly nine in 10 respondents (85%) shared their customer and employee records with third parties by providing billing, payroll, employee benefits, web-hosting, or other information technology services.
- Seven in 10 respondents (70%) said that data breaches are more likely to occur if they outsourced data.
- Despite this outsourcing exposure, more than three in five businesses surveyed (62%) did not require third parties to cover costs associated with a data breach in their contracts.
“Smaller businesses are targeted by data thieves, but they often don’t know how to respond when sensitive information they keep on customers and employees is lost or stolen,” warns Hartford Steam Boiler Vice President Eric Cernak. “Failing to act in a timely and effective way can harm the reputation of businesses and even risk legal penalties in many states.”
For professional advice on helping you minimize the growing financial and legal threats to your business from data breaches, please feel free to get in touch with our agency at any time.