
Should My Small Business Have Data Breach Insurance?

Should your business carry data breach insurance? If you deal with any type of private data, the answer is likely “yes”. Businesses that process payments, work under nondisclosure agreements, or maintain sensitive records on their clients, customers, or employees should consider purchasing this type of insurance.

And while you may be familiar with some of the more famous cyber attack cases of the last year — Anthem, Sony, and Target, to name a few — it’s not just large companies that have to worry about data security. Small businesses account for more than two-thirds of data breaches.

Here are some surprising stats from the most recent Global Security Report from Trustwave and the Ponemon Institute’s Cost of Data Breach Global Analysis.

Who’s Affected By Data Breaches

American Businesses

Data breaches are a big problem for American businesses. 59% of all victims are U.S. residents. The next largest group of victims came from the U.K., which had 14% of worldwide data compromise victims.

The origination point of hacks and data breaches is also shifting. We used to think of Russia or Eastern Europe as the source of many of these attacks, but in 2014, the U.S. topped the list with 19% of attacks originating at home.

E-commerce Businesses

E-commerce retailers depend on networked systems to run their shops, process payments, manage bookkeeping, and communicate with their customers. It’s no surprise then that the e-commerce industry accounted for 54% of the assets targeted by online attackers.

Retail and Restaurant Businesses

Brick-and-mortar businesses weren’t much safer. POS system breaches accounted for 33% of attacks. Sleek, cost-effective, and customizable tablet point of sale systems are popular with trendy retail and restaurant businesses. But their mobile operating systems could leave some data exposed through vulnerabilities.


The size and structure of franchises can actually be a boon to attackers as well, offering multiple systems which could have exploitable weaknesses. Regardless of the type of business affected, payment data is some of the most sought after info by attackers.

Other Industries

Retail, food and beverage, and hospitality businesses are the most likely to experience data breaches. Still, finance, professional services, tech, entertainment, transportation, and health care are also at risk. Approximately one-third of data breaches in 2014 involved these industries.

Non-Payment Data Breaches

Theft of sensitive and confidential data, internal communications, personal info, and customer records is also on the rise. This year’s Trustwave report showed a 33% increase in these types of attacks from 2013. Non-payment card data accounted for 45% of all stolen data.

Finding and Fixing Data Breaches

71% of data breach victims did not detect the attack themselves. Self-detected breaches could usually be addressed in 1 day by a vigilant IT department. But outside notification made the typical breach response time balloon to an average of 2 weeks!

Data compromises can go on for much longer than you’d imagine, sucking up more data in the process. Trustwave put the mean number of days a breach went undetected at 87 days. That’s almost 3 months! Now factor in the week or two it may take to close the vulnerability after detection. That’s enough time for a typical business to expose thousands of records to attackers.

Why You Need Data Breach Insurance

If you’re a small business, you likely deal with some kind of sensitive data. If you need to protect payment details and transactions or keep confidential records secure, insurance can offer extra protection.

Many policies can help you avoid problems before they happen with periodic reviews of your data security. If you do have a breach, insurance can cover the cost of hiring a professional to patch the vulnerability, as well as legal fees, if you end up in court.

According to research findings from the Ponemon Institute, data breach insurance actually makes your company safer, too. While some might speculate that having insurance would encourage a company to divert attention and further resources away from its data security, the Global Analysis report found the exact opposite. Companies with insurance typically were focused on making sure data breaches never happened. As a result, their proactive approach led to a safer business.