Risk & Business Magazine McFarlan Rowlands Fall 2015 | Page 31
R
& Ensure Protection
B Small Businesses May Be More Likely to Experience a Cyberattack
BY: INTACT INSURANCE
S
ay the words, “cyberattack,” and most
people think of companies like Target
and Home Depot. Small businesses think
they are immune to this sort of breach.
But as more small companies adopt the
same technologies as large corporations,
they may be even more exposed than the
large ones.
“Big businesses are no longer the sole
target for cyberattacks, as smaller
businesses handling credit card
transactions and who collect and store
confidential information are often more
unprepared,” says Tom Leitch, President
of Commercial Lines at McFarlan
Rowlands.
Where a large company will have systems
in place to help protect them from a
cyberattack, small companies can be
more vulnerable as they typically don’t
have resources to monitor their websites
and online business.
And it’s not just the hackers small
businesses have to worry about. A
breach can be as simple as an employee
losing a laptop with sensitive customer
information stored on it.
While the monetary expense of a
cyberattack can be detrimental, small
businesses that encounter breaches are
more impacted by reputational damage
than larger businesses. A report from
Symantec, a security software company,
states that 60 per cent of small businesses
will go under within six months of a
cyberattack.
Canadian businesses now have a lot
more responsibility when it comes to
a privacy breach since the Personal
Information Protection and Electronic
Documents Act (PIPEDA) has been
amended to include mandatory breach
notification. Businesses will also have
to keep a record of all data breaches
and may need to report them to the
Privacy Commissioner. A business that
knowingly fails to report or record a
breach may be fined up to $100,000.
access to educational resources to help
companies prevent attacks, so customers
receive value immediately. These
products are typically administrated by
an independent third-party, like IDT911,
who are experts in the field.
“Before a breach even happens, customers
can visit IDT911’s customer portal to
access training on breach issues such as
compliance and privacy security, and
download a customizable privacy breach
incident response plan—essential to
minimizing the impact of an attack,” says
Tom.
If a breach occurs, the insurance covers
expenses such as assistance in notifying
impacted individuals, computer forensic
services to determine if a privacy breach
has occurred and to assess the breach’s
severity, public relations assistance to
help restore the business’ reputation,