Small Businesses Hit With Data Breach Often Fail to Notify Customers: Survey

While more than half of U.S. small businesses have experienced at least one data breach, just one-third of those firms notified individuals that their personal information had been compromised, a new survey revealed.

“Smaller companies are targeted by data thieves, but they often don’t know how to respond when sensitive information they keep on customers and employees is lost or stolen,” said Eric Cernak, vice president for Hartford Steam Boiler. “Failing to act in a timely and effective way can harm the reputation of businesses and even risk legal penalties in many states.”

The survey, conducted by the Ponemon Institute for The Hartford Steam Boiler Inspection and Insurance Company (HSB), found that 55 percent of small businesses in the United States have had a data breach, almost all involving electronic records, and 53 percent had multiple breaches. However, only 33 percent notified the people affected, even though 46 states require that individuals be contacted when their private information is exposed.

The primary causes of the data breaches were employee or contractor mistakes; lost or stolen laptops, smart phones and storage media; and procedural mistakes.

Sensitive information is more likely to be compromised when the data has been outsourced, 70 percent of the respondents believe, but 62 percent do not have contracts that require third parties to cover all the costs associated with a data breach. Seventy percent of small business owners said they would purchase insurance to help pay for the costs if data is breached.

At least 85 percent share customer and employee records with third parties such as those providing billing, payroll, employee benefits, web hosting and information technology services. When asked which type of lost or stolen data was more likely to harm their business, 70 percent agreed the loss of personally identifying information was more damaging than confidential company data.

The Ponemon Institute surveyed small businesses with annual revenues of less than $10 million for Hartford Steam Boiler, which provides HSB Data Compromise insurance for small to mid-sized organizations. The program helps pay the cost of responding to a data breach and providing personal services to affected individuals.

Source: The Hartford Steam Boiler Inspection and Insurance Co.