HARTFORD, Conn.--(BUSINESS WIRE)--Although more than half the U.S. small businesses surveyed by the Ponemon Institute experienced at least one data breach, only a third notified individuals that their personal information had been exposed, it was reported today in a study conducted for The Hartford Steam Boiler Inspection and Insurance Company (HSB), part of Munich Re.
“Smaller companies are targeted by data thieves, but they often don’t know how to respond when sensitive information they keep on customers and employees is lost or stolen,” said Eric Cernak, vice president for Hartford Steam Boiler. “Failing to act in a timely and effective way can harm the reputation of businesses and even risk legal penalties in many states.”
The Ponemon Institute survey of small businesses throughout the United States found that 55 percent of those responding have had a data breach, almost all involving electronic records, and 53 percent had multiple breaches. Only 33 percent notified the people affected, even though 46 states require that individuals be contacted when their private information is exposed.
The primary causes of the data breaches were employee or contractor mistakes; lost or stolen laptops, smart phones and storage media; and procedural mistakes.
Sensitive information is more likely to be compromised when the data has been outsourced, 70 percent of the respondents believe, but 62 percent do not have contracts that require third parties to cover all the costs associated with a data breach. Seventy percent of small business owners said they would purchase insurance to help pay for the costs if data is breached.
At least 85 percent share customer and employee records with third parties such as those providing billing, payroll, employee benefits, web hosting and information technology services. When asked which type of lost or stolen data was more likely to harm their business, 70 percent agreed the loss of personally identifying information was more damaging than confidential company data.
The Ponemon Institute surveyed small businesses with annual revenues of less than $10 million for Hartford Steam Boiler, which provides HSB Data Compromise insurance for small to mid-sized organizations. The program helps pay the cost of responding to a data breach and providing personal services to affected individuals. Coverage was recently expanded to include breaches from malicious code, third-party breaches and the cost of professional public relations services.
About HSB
Hartford Steam Boiler, a member of Munich Re’s
Risk Solutions family since 2009, provides a range of specialty
insurance coverages for business, home and farm. One of the world’s
leading equipment breakdown insurers, HSB helps clients reduce risk
through a unique combination of specialty coverages, engineering-based
risk management strategies and loss reduction services. A.M. Best
Company awarded the HSB Group of companies its highest financial rating,
A++ (Superior).
About the Ponemon Institute
The Ponemon Institute is a
leading research center dedicated to privacy, data protection and
information security policy. Often cited for its annual consumer studies
on privacy trust, the Ponemon Institute’s research quantifying the cost
of a data breach helps organizations understand the business impact of
lost or stolen data.
About Munich Re
In the U.S., Munich Re provides access to a
full range of property and casualty reinsurance and specialty insurance
products through Munich Reinsurance America, Inc., American Modern
Insurance Group and Hartford Steam Boiler Group. Munich Re stands for
exceptional solution-based expertise, consistent risk management,
financial stability and client proximity. Munich Re creates value for
clients, shareholders and staff alike. In the financial year 2011, the
Group – which combines primary insurance and reinsurance under one roof
– achieved a profit of €0.71bn on premium income of around €50bn. It
operates in all lines of insurance, with around 47,000 employees
throughout the world. With premium income of around €27bn from
reinsurance alone, it is one of the world's leading reinsurers.
Especially when clients require solutions for complex risks, Munich Re
is a much sought-after risk carrier. Its primary insurance operations
are concentrated mainly in the ERGO Insurance Group, one of the major
insurance groups in Germany and Europe. ERGO is represented in over 30
countries worldwide and offers a comprehensive range of insurances,
provision products and services. In 2011, ERGO posted premium income of
€20bn. In international healthcare business, Munich Re pools its
insurance and reinsurance operations, as well as related services, under
the Munich Health brand. Munich Re's global investments amounting to
€202bn are managed by MEAG, which also makes its competence available to
private and institutional investors outside the Group.