A data breach is an incident that causes the inadvertent compromise of confidential, proprietary, or otherwise sensitive data through its exposure or theft.
How does a Data Breach Occur?
There are almost innumerable ways for a data breach to occur, and not all methods require a malicious actor who is actively seeking avenues of exploitation. However, the greatest contributor to most data breaches is criminal and malicious behavior. Generally, there are 3 main causes of data breaches: non-malicious system errors, accidental exposure through human mistakes, and criminal behavior.
1. Unforeseen system glitches, such as application failures, communication errors, or accidental data dumps, can cause the undue exposure of data.
2. Human error, such as replying all on an e-mail thread that contains sensitive information or accidentally forwarding communication to unintended recipients.
1. Weak passwords can be easily circumvented by savvy attackers utilizing password cracking applications. These malicious programs, once rooted in your system, continuously submit popular passwords and try simple variations in attempts to breach confidential accounts. Since usernames and e-mail addresses are commonly constructed using some portion of an individual's legal first and last name, it is not difficult for cybercriminals who are targeting a specific person to guess basic credentials.
2. Even strong passwords can be compromised if an attacker is able to leverage their access to existing accounts and trigger a password reset link that is sent to an account they control.
3. Since large-scale data breaches are constantly taking place, it is possible that employee account credentials are already freely accessible on the web, unbeknownst to them. It only takes one breach of an application or service to expose usernames and passwords that have been reused across accounts. Additionally, attackers can often use even small pieces of information about a target to build convincing social engineering attacks, such as phishing.
Third Party & Vendor Compromise
Malware and SQL Injections
How can it hurt my business?
Data breaches can cause significant harm to businesses of any size, but they are especially devastating for smaller organizations. The damage can affect a business in countless ways. Below is a list of three main areas that will be impacted.
Data Breach Statistics
Average cost per lost or stolen record
Per record in 2017.
- 7 billion records were compromised due to cyber security breaches in 2017.
- 45% more cyber security breaches happened in 2017 compared to the record-setting year of 2016.
- 60% of SMBs go out of business within 6 months of a cyber security breach.
- It takes companies an average of 191 days to discover a breach.
How can cyber insurance help?
Like other forms of liability insurance, cyber insurance safeguards businesses and their owners from the fallout caused by a breach, accidental data exposure, or act of cyber aggression. Businesses can be held liable for breaches that expose customer information, even if the breach occurred at a third party. Customers are able to hold companies accountable for the choices they make regarding which third-party vendors to use for data storage, payment processing, etc.
Cyber insurance offers the protection that small businesses need to mitigate risks associated with an increasingly digital and connected world.