The Target breach was a $256-million cleanup job, even though, as we covered in "Target's Cyber Liability Insurance Covered 36% of Its Data Breach Costs. How Much Does Yours Cover?," insurance covered a third of the loss. The ordeal was enough to make other corporations take notice.
Now, according to the Los Angeles Times, cyber security experts are gracing seats in corporate boardrooms. The report notes major companies, such as Wells Fargo, AIG, BlackBerry, Delta Air Lines, and General Motors, have all added a cyber security board member in recent years.
What's the value in that? Board members are responsible for advising CEOs on decisions that affect the company's future. With a cyber security expert on standby, the company can plan for mitigating and responding to data breaches.
And data breaches aren't small beans. IBM and the Ponemon Institute's 2015 Cost of Data Breach Study shows…
- The average total cost of a data breach is $3.79 million.
- Each stolen record comes with a price tag of about $154.
These hard numbers don't account for the reputational damage and the lost company secrets that may follow a breach, either. This is to say, companies have a lot of interest in making cyber security a boardroom priority.
But what if, like most small businesses, you don't have a board and can't afford one? In that case, working with an IT consultant is your best chance at shoring up your digital affairs and managing your data breach risks.
IT Consultants: Kind of Like a Board Member for Hire
There's a reason hackers can't resist a small business. Unlike corporate big wigs, the little guys usually can't afford to sink a ton of resources into their cyber fortresses. That may explain why, according to the National Small Business Association's Year-End Economic Report [PDF], cyber attacks cost small businesses an average of $20,752 in 2014, up from the $8,699 in 2013.
That number is a reminder that the size of your business is no excuse to put cyber security on hold. When you work with an IT consultant, it's kind of like having your own personal board member to give you advice on how to safeguard your data. The difference? Many work on an as-needed basis.
A tech contractor can…
- Suggest best practices for your employees on how to access and store information.
- Scale security measures to fit your business's needs.
- Advise you on security or software decisions.
- Create a data response plan.
That last point is key – having a plan of action for when a breach happens may reduce the overall cost of the incident considerably. Part of that plan may be to carry Cyber Liability Insurance, a policy that can help pay for some major expenses that accompany a breach, such as…
- Notifying affected parties.
- Negotiating with cyber extortionists that hold your data captive.
- Funding PR campaigns to repair your business's reputation.
- Offering credit and identity monitoring services to affected parties.
If something does go wrong and customer data is exposed, your Cyber Liability policy can help you handle the aftermath. And if customers come after you with pitchforks and lawsuits? You can at least point to the fact that you hired a cyber security consultant as proof that your business wasn't completely negligent about its duty to protect sensitive data. Just make sure that consultant has tech E&O Insurance in case they make an oversight that costs your business.
To learn more about your data responsibilities, read "Reminder: It's Your Job to Keep Customer Data Safe."