Data Breach

What is a data breach?

A data breach is an incident that causes the inadvertent compromise of confidential, proprietary, or otherwise sensitive data through its exposure or theft.

How does a Data Breach Occur?

There are almost innumerable ways for a data breach to occur, and not all methods require a malicious actor who is actively seeking avenues of exploitation. However, the greatest contributor to most data breaches is criminal and malicious behavior. Generally, there are 3 main causes of data breaches: non-malicious system errors, accidental exposure through human mistakes, and criminal behavior.

Accidental/Non-Malicious

  • Unforeseen system glitches such as application failures, communication errors, accidental data dumps, etc., can cause the undue exposure of data.
  • Human error, such as replying all on an e-mail thread containing sensitive information or accidentally forwarding communication to unintended recipients.

Compromised Password

  • Weak passwords can be easily circumvented by savvy attackers utilizing password cracking applications. These malicious programs, once rooted in your system, continuously submit popular passwords and try simple variations in attempts to breach confidential accounts. Since usernames and e-mail addresses are commonly constructed using some portion of an individual’s legal first and last name, it is not difficult for cybercriminals who are targeting a specific person to guess basic credentials.
  • Even strong passwords can be compromised if an attacker is able to leverage their access to existing accounts and effectively trigger some kind of password reset link that is sent to an account they control.
  • Since large-scale data breaches are constantly taking place, it is possible that employee account credentials are already freely accessible on the web, unbeknownst to them. It only takes one breach of an application or service to expose usernames and passwords that have been used repeatedly across accounts. Additionally, attackers can often use even small pieces of information on a target to build convincing social engineering attacks (e.g., phishing).

System Exploitation

New vulnerabilities are discovered on a daily basis. They exist in all platforms and programs, no matter how trustworthy their manufacturer is. All systems, servers, applications and other business technology elements that are not updated in a timely manner pose potential security threats. Highly sophisticated hacking tools give criminals deep insight into company systems before they have even made a successful data breach.

Phishing Attacks

Phishing and other social engineering attacks remain the most effective way for attackers to breach otherwise protected systems. Cybercriminals have several options when seeking to penetrate an organization’s defensive capabilities. Often, social engineering attacks are a more efficient way for criminals to penetrate your system than trying to breach state-of-the-art technical protective mechanisms (which are still vulnerable to other forms of attack no matter their level of sophistication and implementation).

Third Party & Vendor Compromise

Data breaches of cloud services providers affect not only their immediate customers but also their customers' customers... By law, business owners are 100% responsible for the loss or damage of their customer data regardless of the third party or vendor they use to manage customer data and will be liable for security incidents that occur at these third parties.

Malware and SQL Injections

Other common methods of causing data breaches are SQL injections and malware infections. They almost always occur through a public web-facing platform, a visit to a compromised website, a click on an infected attachment or link, etc.

How can it hurt my business?

Data breaches can cause significant harm to businesses of any size, but they are especially devastating for smaller organizations. The damage can affect a business in countless ways. Below is a list of three main areas that will be impacted.

FINANCIAL

All costs incurred by the incident, including record recovery, hardware replacement, technical support, government fines, lawsuits and much more.

OPERATIONAL

Downtime caused by being unable to resume normal activities.

REPUTATION

Even for large companies, breaches are an embarrassing blight and cause an exponential drop in trust amongst customers. For smaller businesses, data breaches can lead to bankruptcy, as their already small client base can disappear completely.

Data Breach Statistics

Average cost per lost or stolen record: $191 per record in 2017.

  • 7 billion records were compromised due to cyber security breaches in 2017.
  • 45% more cyber security breaches happened in 2017 compared to the record-setting year of 2016.
  • 60% of SMBs go out of business within 6 months of a cyber security breach.
  • It takes companies an average of 191 days to discover a breach.

How can cyber insurance help?

Like other forms of liability insurance, cyber insurance safeguards businesses and their owners from the fallout caused by a breach, accidental data exposure or act of cyber aggression. Businesses can be held liable for breaches that expose customer information, even if the breach occurred at a third party. Customers are able to hold companies accountable for the choices they make regarding which third-party vendors to use for data storage, payment processing, etc.

Cyber insurance offers the protection that small businesses need to mitigate risks associated with an increasingly digital and connected world.
