Although the number of data breaches continues to rise among small businesses, 85 percent of small business owners were convinced they’re unlikely to take a cyber hit, according to a survey by The Hartford.
Many of those surveyed indicted they weren’t taking security measures to protect their customer or employee data.
“Most of the business owners surveyed believe they are not at risk, when in fact smaller businesses are increasingly being targeted,” Lynn LaGram, assistant vice president of small commercial underwriting at The Hartford, said in a statement. “As cyber criminals set their sights on smaller firms, it is important for business owners to take proactive measures to protect data and minimize the likelihood of a breach.”
The survey found that business owners varied in their adoption of eight data protection “best practices” to help reduce a business’s risk of a breach:
1. Lock and secure sensitive customer, patient or employee data – 48 percent
2. Restrict employee access to sensitive data – 79 percent
3. Shred and securely dispose of customer, patient or employee data – 53 percent
4. Use password protection and data encryption – 48 percent
5. Have a privacy policy – 44 percent
6. Update systems and software on a regular basis – 47 percent
7. Use firewalls to control access and lock-out hackers – 48 percent
8. Ensure that remote access to their company’s network is secure – 41 percent
The survey also found that nearly two-thirds of business owners (61 percent) believe a data breach violates trust and would jeopardize their relationships with customers, patients and employees.
More than a third (38 percent) said they have a more negative opinion of companies that have recently experienced a breach, based on the companies’ handling of the breach.
About a third of business owners (34 percent) said they would have difficulty complying if there were government notification requirements. Nearly half (47 percent) acknowledged it would be impossible for a small business to completely safeguard customer, patient or employee data.
“Given the potential business and reputational costs of a data breach, it’s also important for business owners to have insurance in place to help them respond and recover quickly and effectively in the event of a breach,” LaGram said.
For more information on this issue, see our story “Cyber liability poses risks not covered by ordinary insurance.”