According to a study conducted for The Hartford Steam Boiler Inspection and Insurance Company (HSB), part of Munich Re, although more than half the U.S. small businesses surveyed by the Ponemon Institute experienced at least one data breach, only a third notified individuals that their personal information had been exposed.
"Smaller companies are targeted by data thieves, but they often don't know how to respond when sensitive information they keep on customers and employees is lost or stolen," said Eric Cernak, vice president for Hartford Steam Boiler. "Failing to act in a timely and effective way can harm the reputation of businesses and even risk legal penalties in many states."
According to a release, the Ponemon Institute survey of small businesses throughout the United States found that 55 percent of those responding have had a data breach, almost all involving electronic records, and 53 percent had multiple breaches. Only 33 percent notified the people affected, even though 46 states require that individuals be contacted when their private information is exposed.
The primary causes of the data breaches were employee or contractor mistakes; lost or stolen laptops, smart phones and storage media; and procedural mistakes.
Sensitive information is more likely to be compromised when the data has been outsourced, 70 percent of the respondents believe, but 62 percent do not have contracts that require third parties to cover all the costs associated with a data breach. Seventy percent of small business owners said they would purchase insurance to help pay for the costs if data is breached.
At least 85 percent share customer and employee records with third parties such as those providing billing, payroll, employee benefits, web hosting and information technology services. When asked which type of lost or stolen data was more likely to harm their business, 70 percent agreed the loss of personally identifying information was more damaging than confidential company data.
The Ponemon Institute surveyed small businesses with annual revenues of less than $10 million for Hartford Steam Boiler, which provides HSB Data Compromise insurance for small to mid-sized organizations. The program helps pay the cost of responding to a data breach and providing personal services to affected individuals. Coverage was recently expanded to include breaches from malicious code, third-party breaches and the cost of professional public relations services.
Hartford Steam Boiler, a member of Munich Re's Risk Solutions family since 2009, provides a range of specialty insurance coverages for business, home and farm.
The Ponemon Institute is a research center dedicated to privacy, data protection and information security policy.
In the U.S., Munich Re provides access to a full range of property and casualty reinsurance and specialty insurance products through Munich Reinsurance America, Inc., American Modern Insurance Group and Hartford Steam Boiler Group.
((Comments on this story may be sent to [email protected]))