A data breach occurs and personal information about your customers is compromised. It can happen to any size business, big or small, and the costs to your business can be significant. Every company stores private information including credit card numbers and social security numbers that are vulnerable to a deliberate cyber incident such as unauthorized access to digital systems for the purpose of misappropriating assets or sensitive computer information, corrupting data or causing operational disruption.
In recognition of such a fact the federal government has become involved. A Bill, introduced by Joe Lieberman, aims to address a wide range of cybersecurity issues including data breaches. The Division of Corporate Finance of the SEC has also given Disclosure Guidance that addresses requirements for companies to disclose cybersecurity risks, incidents and related litigation.
As identified by the SEC, disclosure of cybersecurity risk factors include:
- Discussion of aspects of business or operations that give rise to material cybersecurity risks and potential costs and consequences
- Description of outsourced functions that have material cybersecurity risks
- Description of cyber incidents experienced
- Description of relevant insurance coverage
- Description of legal proceedings involving a cyber incident
Even smaller companies not subject to SEC public disclosure requirements need to implement appropriate measures to protect internal data. Failure to do so can result in significant expenses such as fines, disruption of business, loss of customers and litigation expenses.
Many small business insurance policies do not cover cyber incidents such as data breaches. A consult with an attorney who specializes in cybersecurity risks and litigation can help you or your company evaluate your current insurance coverage, discuss specific cybersecurity insurance options and handle any litigation that may result from a cyber incident such as a data breach.