It is estimated that dealing with the aftermath of a data breach costs the company suffering the breach between $200 to $500 per breached record. As an example, if 1000 customers’ data is included in the breach, it will cost $200,000 to half a million on average to deal with it. Can your company afford and survive that? Are you protected?
On segment #21 of the Business is ART podcast at TrueChat Inc., my guest was Otto Larson of the Marsh & McLennan Agency LLC – Midwest. In this segment we discussed cyber security, data breaches and data liability at some length. Otto is a wealth of information on the topics, but one of the great take-aways from this segment is a set of 5 steps to mitigate against the cost of a data breach.
These steps are outlined in the following:
Understand Your Exposure
This is step number one. Too many times we don’t understand our exposure and if we don’t understand it, we can’t protect against a breach and we can’t mitigate against the potential cost of recovering from a breach. A breach may be far more likely caused by human error, such as losing a smart phone or laptop, than the result of a purposeful attack. Likewise, a disgruntled employee may be far more likely to walk out with critical data than a hacker is to get in to your systems. Paper records represent data as well and have to be protected accordingly. Understand all of these exposures first and foremost in order to properly protect your business, your employees and your customers.
Review Contracts with 3rd Parties
If your business uses 3rd party service providers to whom your customers’ data is transferred or by whom it is stored, review the contracts with those 3rd parties. Make sure you understand not just who is responsible for protecting data under what circumstances, but who is required to take what action in the event of a breach. Plug any holes through contract modifications or by developing mitigation plans.
Ask to be Added to the 3rd Party’s Insurance Policy
Sometimes the 3rd party that manages your customer data is open to adding you or your business to their insurance policy. If you aren’t sure, ask. There is an opportunity here not just to make sure you are better protected, but to save money in the process. If it makes it more attractive to the 3rd party, offer to share the premium expense.
Seek Your Own Insurance Coverage
Whether a 3rd Party adds you to their policy or not, at least explore an insurance policy of your own. Consult with experts like Otto who aren’t just selling an insurance product, but are experts in the subject matter and truly wish to partner with you to help you take risk out of the business as a whole, not just with regard to data. If you are going to spend the money, make sure you maximize the return.
Develop a risk mitigation plan that includes a data breach (or loss). This should include a communication plan, specifically for customers that may be impacted by the breach and potentially, depending on the size and severity, have a communication and PR strategy for the press/media. Identify who does what, when and make sure those individuals know their role. Finally, don’t wait until a breach occurs to test your plan. Periodically conduct dry runs and continually improve your plan.