Major data security breaches can be disastrous for companies of all sizes. For smaller tech companies in particular, a significant breach can become a catastrophe that permanently dooms the business. Thankfully, small tech companies can learn from the mistakes of their predecessors and find out how Cyber Risk Insurance (also called Cyber Liability Insurance and Data Breach Insurance) can help them avoid such calamities.
Here’s a look at how data breaches have affected major tech companies – and what you can learn from their experience.
Yahoo!’s Data Breach Disasters
Yahoo! has come under fire for data breaches multiple times. Most recently, in July 2012, hackers broke in to the Yahoo! Voices (formerly known as Associated Content) service and stole 450,000 passwords that were stored in unencrypted, plain-text format. A review showed that the database where the passwords were kept had few to no security features in place to protect against any sort of external attack.
Furthermore, the review showed that most of the passwords stolen were actually extremely easy to guess, having no requirements for character deviation (capital letters, numbers, non-alphanumeric characters) that should be a part of any decent security protocol. Naturally, Yahoo! was sued for its lack of security regarding the data and its failure to quickly inform users that their data had been compromised. The action was still pending as of March 2013.
(Read more about data breaches and how you can prevent data breaches in your business.)
Data Breach Leaks at ChoicePoint Records
ChoicePoint was a go-to provider for background checks. However, in 2005, ChoicePoint's systems were compromised, resulting in the full release of data records for over 163,000 people to criminals posing as legitimate customers.
The data breach resulted in the company being fined $15 million by the Federal Trade Commission, and a separate legal settlement with 43 states' attorneys general. ChoicePoint also had to change its business offerings, which led to a buyout by LexisNexis two years after reporting $1 billion in revenue.
Sony’s Infamous PlayStation Data Breach
This infamous cyber breach is important to note for small tech firms because it shows how problems that are not caught early can blow up and completely derail a business. The lessons are also applicable for any smaller company or website that focuses on its community of users.
In April 2011, 12 million PlayStation accounts suffered theft of credit card data due to a failure to encrypt users' information. The entire network of 77 million users suffered some form of information loss in the form of credit card information, address, name, birth date or other personally identifiable information.
Users were unable to access the PlayStation Network over a three-day period. Sony's response was to shut down the entire network and rebuild it from scratch, a process that took well over a month to complete. The entire affair cost Sony over $170 million and a tremendous amount of credibility.
Sony took more than a week to warn its users that a data breach had occurred, and the company's slow response time in alerting its users and in developing a fix (or in this case, a full-blown replacement) made the company a laughingstock with regards to data security and cyber risk management.
The Importance of Cyber Risk Insurance
The three examples above show how a data breach can be an extremely costly affair. Whenever sensitive data is exposed, a company's entire reputation, no matter how good it may have been, takes a plunge. Cyber Risk Insurance can keep your company from suffering some of the fates outlined above: monetary loss, reputation loss, user reduction, and possibly even the end of your business as you know it.
A 2013 survey by the Ponemon Institute found that over half of U.S. small businesses have experienced at least one data breach. Without Cyber Risk Insurance in place, such an incident can lead to tremendously damaging financial fallout.
Despite this fairly straightforward way to guard against cyber security threats, only a third of these firms took proactive steps to notify affected individuals that their data had been exposed. More mind-boggling is that while 55 percent have had one data breach, 53 percent had more than one, indicating an abject failure to learn any lessons when breaches happen the first time.
A qualified insurance agent can work with your business on both preventative measures and insurance products to minimize the losses from any data breaches that do occur. (For an explanation of how Cyber Risk Insurance protects IT firms, read "Third-Party Vs. First-Party Cyber Risk Insurance.")
Preventive Measures: Avoiding Data Breaches
As your insurance agent can verify, your business can minimize its risk of experiencing a damaging data breach by…
- Using strong passwords.
- Changing passwords regularly.
- Sharing sensitive information with only those who need it to complete their jobs.
- Investing in firewalls and antivirus software.
One bonus of implementing these risk-management protocol is that premiums for your Cyber Risk Insurance will likely go down if and when you do.
Proactive Data Breach Repair: Take Action Sooner Rather Than Later
Smaller tech firms may not know how to respond to the theft of data or the breaching of security systems, but failing to act in a timely manner can make the ultimate result of a breach even worse. With adequate Cyber Risk Insurance in place, you’ll know to contact your insurance provider as soon as a breach occurs to minimize the damage done.