Some are calling 2014 “The Year of the Data Breach.” Every business, regardless of size, must be concerned with private information breaches. It is the fastest-growing risk for all businesses in every industry. Data breaches can cost companies millions of dollars. (The Target data breach costs reached $148 million.) However, not just the direct costs related to the data breach and resolution are of concern. The damage to a company’s reputation and lost sales can be devastating.

Over the past year, there have been a number of high-profile data breaches including Apple®, Home Depot®, Target®, UPS® and Yahoo®; however, these are only a few of the data breaches that have occurred. The Identity Theft Resource Center® lists over 600 breaches in 2014 with over 77 million exposures.

Because many high-profile cases involve large companies being hacked, smaller businesses may believe that they aren’t at as great a risk due to their size. However, many data breaches involve far more basic security lapses such as employee mistakes, inadequate system monitoring or the use of weak passwords. Smaller companies may also be targeted due to having less sophisticated security measures. Beyond system issues, breaches of private information can occur due to improper disposal of hard copy records, loss of a laptop, mobile device or transportable data storage device.

Steps to better manage data and cyber risks

Get organized – Inventory and document the risks your business faces. Identify all the places where your business acquires, uses and stores sensitive information such as website, marketing/sales databases, client/prospect records and human resources. Determine who is in charge of the information and who has access internally as well as third-party vendors.  Don’t collect or retain private information that you don’t need.

Get educated – Know the federal and state laws that govern information security and privacy including CAN-SPAM, COPPA, FACTA, US Patriot Act, and Massachusetts General Laws 93H, 93I and 201 CMR. You may even have contractual requirements for data security. Know whether you are in compliance or need to develop new strategies.

Get a handle on business relationships – Do outside vendors have access to your company data and systems for support functions? Does your company work with sensitive client information? Be clear on how agreements and contracts outline responsibility for data protection, confidentiality and privacy. Periodically audit and inspect to ensure ongoing compliance of your vendors. Ensure that you are meeting contractual requirements with your clients.

Get covered – When considering high-profile data breach costs, smaller companies may feel helpless in being able to recover financially; however, cyber insurance aka privacy insurance is available, which can help with the costs of recovery and claims should a breach occur despite your security efforts.  Most liability policies provide little if any protection for a data breach situation. Businesses should sit down with their agent to review their current protection and discuss privacy/cyber insurance options. Not all policies are the same, and your agent can help you find the solution that works best based on your level of risk.

Get a plan together – Once you understand the risks, build a plan and establish procedures for how data is collected, stored, accessed and shared. The Massachusetts Privacy Laws require that all businesses that receive, store, maintain, process or have access to personal information have a written information security program(WISP) on how they will protect such data. Having a data breach without having a WISP in place, will only exacerbate the issues a business faces.

Also, develop a plan for how your company will monitor, detect and respond should a data breach occur. Create plans in terms of information technology, legal, financial and public relations so that there is a clear action plan in the event of a breach.  The FCC has a helpful online tool called Small Biz Cyber Planner that can help businesses develop a data security plan.

Through better procedures, training and making reasonable investments to protect electronic systems, you can help your business avoid a data breach. While the specific challenges of data privacy and security are ever changing, the need for having a plan in place will remain constant.  No business can afford to ignore the risks because virtually every business maintains some type of personal information. It’s not enough to plan to protect the information; you also need a plan for the financial resources it will take to respond and recover should a data breach occur.

1 The Verizon® 2014 Data Breach Investigations Report
2 The Verizon 2013 Data Breach Investigations Report
3 2013 U .S. House Small Business Subcommittee on Health and Technology, “Protecting Small Businesses Against Emerging and Complex Cyber-Attacks”

Read Other Blog Posts

What Counts as a Home-Based Business

What Counts as a Home-Based Business (and When Your Home Policy Isn’t Enough)

Understanding when your homeowners' insurance ends and business coverage begins is essential for anyone running a business from home. Learn what counts as a home-based business, common coverage gaps, and when you need additional protection.
Workers’ Comp 101 for Massachusetts Employers

Workers’ Comp 101 for Massachusetts Employers

Workers’ compensation rules in Massachusetts are strict and sometimes misunderstood. Learn who must carry coverage, common exemptions, audit triggers, and costly compliance mistakes employers should avoid.
Disaster Planning: Supply Chain Disruptions-Ships in Strait of Hormuz

Why Disaster Planning Matters: Protecting Your Business from Supply Chain Disruptions

Supply chain disruptions, whether global or local, can impact any business. Learn why disaster planning, supplier diversification, and the right insurance coverage are essential for resilience.
Hurricane Arthur a Reminder That Hurricane Season Has Begun

Tropical Storm Arthur—a Reminder That Hurricane Season Has Begun

Hurricane Arthur marks the start of the 2026 hurricane season—now is the time for Northeast property owners to prepare with smart maintenance and insurance review tips.
Cyber Insurance for Small Businesses What It Actually Covers and What It Does Not

Cyber Insurance for Small Businesses | What It Actually Covers and What It Does Not

Cyber insurance can help small businesses manage the impact of data breaches, ransomware, and fraud, but needs vary by business. Understanding coverage, planning ahead, and investing in employee training can help reduce cyber risk and avoid costly surprises.
National Safety Month- Building a Safer Workplace and a Stronger Business

National Safety Month: Building a Safer Workplace and a Stronger Business

National Safety Month is a reminder that workplace safety protects both employees and businesses. Learn how proactive safety planning can reduce claims, improve operations, and support stronger long-term risk management.
Work Meeting 1200

Health Plan Eligibility: Do’s and Don’ts

Employers have flexibility when defining health plan eligibility, but that discretion is limited by federal requirements under ERISA, the ACA, HIPAA, and Medicare rules. This overview outlines key eligibility do’s and don’ts to help employers stay compliant and avoid costly mistakes.
Man writing next to computer

Why Timely Notice Matters Under Claims-Made Liability Policies

Claims‑made liability policies require more than just having coverage in place. Timely notice of claims or potential claims is critical to preserve coverage and avoid unexpected gaps. This article explains how claims‑made policies work, how to identify if your policy is claims‑made, and practical steps businesses can take to stay protected.
Insurance Checklist for Owners of Vacation Rentals in New England

Insurance Checklist for Owners of Vacation Rentals in New England

Vacation or seasonal rentals in New England face unique risks, including vacancy, severe weather, and increased liability. Use this insurance checklist to ensure your second home or short-term rental has the right protection in place.

Visit Our Business Insurance Page

Business Insurance

Murphy Insurance stands as your steadfast partner in safeguarding your business from unforeseen challenges in today’s dynamic business landscape. In an era where comprehensive business insurance is not just a prudent choice but a vital one for ensuring the long-term stability and security of your enterprise, we are here to offer our expertise. Running a business inherently entails various risks that can potentially impact your financial stability and reputation. Learn more about our comprehensive business insurance solutions, which are meticulously designed to protect you from these potential threats, granting you peace of mind necessary to focus on the growth and prosperity of your business.