This last article in this cyber security series addresses the risks to businesses that are not armed with a cyber response plan or adequate insurance coverage. A number of business clients have asked what’s really at stake in a cyber breach. In short, the entire business could be at stake.
 
Industry insiders like David Usher and his team at CMIT Solutions understand these risks. According to CMIT’s IT manager, one in three small and mid-sized businesses will fall victim to a cyberattack. And many businesses end in financial ruin after a cyberattack.
 
Those in the commercial insurance business like Morgan Scheibel with Ron Barber Allstate Insurance Company, or Zach Sinclair and Chris Burkauskas at Wells Insurance, have confirmed that interest in cyber insurance for businesses is growing rapidly. According to Scheibel, policies for identity recovery and data compromise are gaining popularity with the increase in cyber liability coverage. In Scheibel’s business, identity recovery covers the theft of identities of individuals involved in a business, while data compromise coverage helps a business notify and assist clients following a breach.
 
While larger companies have made the news for data breaches, Scheibel notes that smaller companies are just as much at risk or more so if they lack the protection that larger companies typically acquire. It is no wonder that Wilmington businesses are turning to these local cyber and insurance professionals before a breach occurs because the stakes are too high post-breach.
 
The hard financial costs of a cyber breach include investigating and repairing damages, notifying individuals and government agencies, and managing public relations. An initial assessment could range from $2,000 to $10,000 for small businesses and up to $25,000 for large companies. Determining a solution and repairing the problem adds to those costs. Sometimes, businesses are choosing to pay a cyber ransom to restore stolen data and systems because the ransom demand is cheaper than the costs of repair.
 
Litigation for data breach and privacy is becoming more and more common. The costs for litigation will quickly rise. Businesses may choose to initiate legal action against those who caused the breach. Or businesses may be forced to defend against lawsuits brought by consumers or government agencies. Civil claims may include negligence in failing to exercise due care in retaining, securing, deleting and protecting data; breach of an implied contract in safeguarding personal data; breach of fiduciary duties; unjust enrichment; and unfair and deceptive trade practices relating to data. Class action suits, a settlement or a judgment for damages to compensate victims of a cyber breach will also affect litigation costs. While litigation costs are better evaluated in dollars, a dollar figure for the time spent litigating cannot be high enough.
 
Finally, a business’s reputation will be affected by a breach. In the last year, even reputable corporations have suffered cyberattacks. A company’s ongoing business and reputation also may be affected due to negative customer perceptions post-breach.
 
It doesn’t matter whether a business is a nonprofit, in health care, in banking or in hospitality. In a world where many transactions require personal data, it only makes sense for businesses to arm themselves against a potential cyberattack to avoid these steep costs.
 
Kara Gansmann, a North Carolina native, is an associate in Cranfill Sumner & Hartzog LLP’s Wilmington office, where she focuses her litigation and appellate practice on various aspects of labor and employment law, business and contractual disputes, medical malpractice, and HOA matters. To contact Kara Gansmann, call (910) 777-6055 or email her at [email protected].