When you hear about cyber attacks and "data breaches, many people think of a rogue hacker infiltrating a computer system to steal people's information.
Those types of cyber criminals are a very real threat, of course. But a majority of data breaches are a result of a far more mundane and ordinary events, like a stolen laptop or an unwitting click,
Cyber liability claims examples
Small businesses are increasingly at risk of a cyber attack, but this is by no means the only threat. Here are some of the more common incidents that lead to a cyber or data breach claim.
A regional retailer contracted with a third party service provider. The service provider was targeted by a thief, who stole five of the service provider's laptops. The computers contained the personal data of over 80,000 clients of the retailer.
According to applicable notification laws, it was not the service provider, but the retailer who was required to notify each of the 80,000 affected individuals.
Notification and crisis management expense alone was approximately $5,000,000.
Small business hack
A business' computer was hacked by a teenager who stole social insurance numbers and bank account data from customer files. The jeuvenille sold the information to a website which then used it to create and sell false identities.
An employee believes she may be let go. In response, she steals personal information including names, addresses, social insurance numbers and other personal information from customer files.
She then sold the information to a relative who used the identities to fraudulently obtain credit cards. The affected individuals filed suit against the company for identity theft.
The business incurred notification and credit monitoring costs, and the legal expenses as well as the damages from potential lawsuits resulted in more than $500,000 in damages.
A manufacturer located in northeast Ohio was convinced to transfer $315,000 to someone in China based solely on what appeared to be a legitimate email request to pay for raw materials. They were able to arrest the funds before the transfer was complete, but it was a close one.
You might think this couldn't happen to you, or that you wouldn't fall for this kind of scam. But the FBI released information indicating that thieves had stolen $215 million in just over a year using this exact scam.
The businesses that were victimized probably thought that it couldn't happen to them as well.
A nosy ex-boyfriend wanted to find out what his ex-girlfriend was up to, so he sent her an email with a nasty surprise hidden inside: spyware. As soon as she opened the email, it monitoered the activity on that computer, sending him regular updates.
But the victim opened the email on her work computer. Over the course of two weeks, the spyware emailed the man more than 1,000 screenshots of confidential data on 150 customers.
The business incurred notification and credit monitoring expenses for the affected customers.
Data theft or cyber extortion
A Canadian information technology company contracted with an overseas software vendor. The vendor left certain “administrator” defaults on the company’s server and a “hacker for hire” was paid $20,000 to exploit the vulnerability.
The hacker demanded an extortion payment, otherwise he would post records of millions of registered users publicly online.
The extortion expenses and payments are expected to exceed $2,000,000.