Every day across the globe, breaches of information take place. Personally Identifiable Information (PII) and Personal Health Information (PHI) records are compromised by electronic and physical loss in companies across the United States.

According to the NetDiligence 2014 Cyber Claims Study, PII was the most frequently exposed data, and companies are not well equipped for a breach.

In our rapidly changing, high-tech world, it is critical for business owners and corporate executives to be aware of the risks and ramifications of a breach of information.
Cyber breaches occur every day. The attacks against large corporations make the nightly news and are topics of discussion for weeks afterward. The focus, however, needs to shift to what can happen in a small to middle market business, where resources to respond to this type of loss are not as accessible as they are to larger companies.

Trends have shown that over the past 3 years, small and middle market companies have been targeted more often. Knowing this, there are steps that companies can take to proactively protect their own interests and the information of their customers, vendors, suppliers and employees.

Start by determining what is considered PII and PHI. PII and PHI are any data that is used for the express purpose of distinguishing individual identity, or any information that is created or received by a health care provider, plan or authority that relates to the past, present or future of any individual's health history or state. This can be a date of birth, a social security number, a bank account number, or even a first and last name. Once you have determined which of the information you hold is considered PII or PHI, the next step is to secure that information.

Remember, PII or PHI can be in electronic or paper form. First, any information you hold in paper form that contains PII or PHI should be secured, either in a locked room or in a locked file cabinet or box. The best way to protect your electronic information is to start with a reputable IT firm.

Understand what your financial obligations are if a breach were to happen. When a breach occurs, you are required to notify all individuals that their information may have been compromised due to a breach. This involves sending letters of notification and providing one year of credit monitoring services. Other costs that may arise from this breach can include but are not limited to:

•    the cost to defend/settle any litigation from customers or employees for identity theft

•    the cost to defend/settle any litigation from banks to recover the value of reissuing credit cards or fraudulent statements

•    the cost to defend/settle any regulatory investigations

•    the cost to defend/settle allegations that malicious code from the breach damaged the computers of a third party

•    the cost to defend/settle allegations that an insured’s computer system denied a third party the ability to conduct transactions

•    the cost to investigate and determine the cause of a security or privacy breach, including computer forensics

•    the cost to hire a public relations or crisis management firm to mitigate reputational harm

•    the cost of legal counsel related to privacy and notification laws

The liability costs for breach notification can be covered by purchasing a cyber liability policy. A cyber (also known as privacy) liability policy can protect against these costs, which can add up very quickly and can cripple the financial stability of a company. It is essential to consider what a cyber liability policy can do for your company and how it may be able to help you in a time of need, based on the scope of your operations.

As we continue to move forward in a time of technological evolution, it is imperative to understand and think about the ramifications of a breach of information in your possession. It is becoming easier for people and groups around the world to access your information. We must be proactive in securing information and preparing for a breach.