Menu
Banking Exchange logo215mar2015
Menu

When data breaches hit Main Street

Part 1: Hacks beyond the headlines kill businesses

This is part 1 of a two-part report based on a briefing about data breaches conducted by Travelers. This is part 1 of a two-part report based on a briefing about data breaches conducted by Travelers.

Everyone knows about the big data breaches that have hit Americans and their banks—the Targets, Home Depots, and others from the headlines. Most any banker can recite the names of the retailers or other firms whose infiltrations have cost banks big bucks and spawned lawsuits.

But what’s often lost is the local story, according to Timothy Francis, enterprise lead for cyber insurance at Travelers, citing industry statistics. There are 34,529 known computer security incidents every day in the U.S., Francis told attendees at a recent Travelers security briefing.

Many of these incidents—at least 62%—involve breaches of small- and medium-sized businesses, according to Francis, many of them Main Street firms that lack the technological sophistication that larger retailers and other big companies have (and still get hacked).

Further, they tend to not even know that they’ve been hit until they are told by an external party, often, a bank, according to Francis.

For smaller companies especially, “these things are stressful—they’re a wild pain in the butt,” said John Mullen, partner at Lewis Brisbois Bisgaard & Smith LLP Attorneys. Mullen specializes in privacy and data security issues and heads a team that serves as a collective “data breach coach” for firms hit by breaches.

And that’s just for starters. Mullen said that without cyber breach insurance, “it’s a small- and medium-sized company killer. In proportion to the size of the companies, the expenses can be pretty big.” Simply getting to the point of knowing that the company’s affairs are secure again can take time and expertise that may have to be brought in like paramedics. It is not unusual for attacks to occur on weekends and over holiday periods, experts at the event stated.

Mullen says it can take a while for even experts to tell management what got burned and what was spared.

To gauge the scope of the costs, Mark Greisiger, president of the NetDiligence consultancy, told listeners that the cost of recovering from a single breach customer record hit $956.21 in 2014. This was more than three times the cost for a breach in 2013, according to figures he cited from his firm’s own claims study.

Travelers released its 2015 Travelers Business Risk Index findings at the conference, recounted below. Next week more from the experts assembled by Travelers will be covered, including a recap of a simulated hack performed in a controlled environment right in front of the audience. (Read "Watching a Main Street data breach happen.")

Business risk survey data

Want more banking news and analysis?

Get banking news, insights and solutions delivered to your inbox each week.

Travelers reported that 58% of its survey sample worry about cyber risk today, versus 53% last year. Cyber security concerns have grown in magnitude, the study found. Now they rank as the second-highest concern, following medical cost inflation. In 2014, cyber worries ranked fifth.

(Among financial services companies, 80% cited cyber risk concerns, making this the top concern for this business segment. Costs of complying with laws and regulations came in second, at 65%, and legal liability came in third, at 63%. Interestingly, tech companies surveyed ranked cyber issues first as well, although only 56% reported that concern.)

“On the whole, businesses worry far more about malicious cyberattacks, such as viruses or hackers, than they do about system crashes or careless computing practices by employees,” according to Travelers’ report. “About one in 10 businesses believes it has been the victim of a cyberattack, including one in five large businesses.”

The report found that having sufficient financial resources to recover from data-related breaches was a concern among 43% of the sample. By business size, 39% of smaller firms reported this concern, versus 44% of mid-sized firms, and 45% of the largest companies.

Surprisingly, given what Francis cited above, while an industry survey found that one in five small businesses is targeted for a hack, smaller companies were least concerned about cyber security.

Only 45% of the smaller companies—those with fewer than 250 employees—worry about cyber risk, 60% of managers at mid-sized firms reported that concern. At the larger companies surveyed, 70% report cyber risk as a concern.

In spite of even the higher concern at larger companies, preparedness is relatively lacking. Only 33% of respondents have a cyber breach response plan in place. And only 39% have implemented programs of employee data protection or employee education in the risk and preventative steps.

Digging deeper into cyber concerns for the entire sample, 57% worry most about viruses. Other concerns: 51% worry about crooks infiltrating their bank accounts or financial control systems; 51% worry about systems crashing or otherwise being damaged; and 50% worry about hacks of their computer systems.

The greatest specific concern overall is about malicious and criminal attacks, at 55% of those reporting.

Steve Cocheo

Steve Cocheo’s 38 years in financial journalism have taken him to all 50 states and nearly every corner of financial services in companies from fintech startups to community banks to regional and national giants. He is executive editor of Banking Exchange and digital content manager of www.bankingexchange.com. Previously he spent 36 years on the staff of ABA Banking Journal and 22 years concurrently as editor of ABA Bank Directors Briefing. He is the only journalist to have sat in on three federal banking exams, was a finalist for the Jesse H. Neal national business journalism awards, and a winner of multiple awards from the American Society of Business Publication Editors. A year ago he finally gave up his cherished Blackberry for an iPhone, recently tried Uber, and has made it by Citibike from Battery Park to the Washington Bridge… and back.

back to top

Sections

About Us

Connect With Us

Resources