Earlier this week, SafeNet, a data asset security firm, published a report detailing the breakdown of 2013 data breaches by industry. The report revealed that data breaches affect various industries in vastly different ways, causing far more data exposure on a per-incident basis in some fields than others.
The numbers are of particular interest to technology freelancers and owners of small IT businesses that serve clients in the fields SafeNet examined, which include healthcare, government, finance, retail, technology, and “other.” Specifically, examining SafeNet’s data breach statistics by industry can give technology professionals valuable insight into the magnitude of their clients’ (and their own) exposure to data breaches.
Retail Breaches Are the Largest
SafeNet’s report shows that the number of records exposed per data breach incident varies greatly by industry:
- Healthcare: 49,000 records per breach
- Government: 630,000 records per breach
- Finance: 112,000 records per breach
- Other: 619,000 records per breach
- Technology: 5.7 million records per breach
- Retail: 6.6 million records per breach
The likely reasons are not hard to deduce: by nature, retail businesses tend to process more transactions than businesses in other industries, and thus have more stored customer records. When retailers suffer breaches, then, cybercriminals have access to more records than they do when businesses in other industries are breached.
Because of this, software developers, security consultants, website designers, computer repairers, telecommunications professionals, and other IT professionals have a significant third-party exposure to data breaches through their retail clients.
If a retail business suffers a data breach, it can sue anyone it believes contributed to the breach. Naturally, technology service providers are frequently on that list.
To reduce the likelihood that a lawsuit will decimate business finances following a data breach, IT professionals and small-business owners who serve retail clients should take the following security measures:
- Contact your insurance agent to verify that your Errors & Omissions Insurance limits are adequate to handle a data breach lawsuit. For technology companies, suits related to data breaches are matters of professional liability and can be funded with appropriate Professional Liability (aka Errors and Omissions) Insurance.
- Review procedures for contacting your insurance provider about a claim. Most insurance providers are easier to work with when they’re contacted immediately after a potential claims incident. So as soon as you hear about an event that could trigger a lawsuit (e.g., a client emailing you mentioning that they think some of their client data might have been exposed), contact your insurance provider. You don’t have to wait to receive notice of a lawsuit to make that call.
- Talk with clients. Because your biggest data breach liability exposure likely comes from your clients, it’s important to talk with them about how to prevent data breaches. That means reviewing policies for updating passwords, creating strong passwords, installing antivirus software, updating software with patches, and keeping computers and mobile devices locked when not in use.
Other Precautions to Take: Prepare for Healthcare Data Breaches
One final note about preparing to handle client data breaches: while retail breaches may expose the highest volume of records, they’re not the only kinds of data breach IT professionals should prepare for.
Data breaches at healthcare facilities tend to affect fewer records per breach, but may have greater financial implications for any technology companies involved. Why? Because healthcare breaches may expose Protected Health Information (PHI), which is regulated by the strict federal laws HIPAA and HITECH. Those responsible for data breaches of PHI can be slapped with fines of hundreds of thousands of dollars or more.
The bottom line is that IT professionals should be prepared for data breaches regardless of what industry their clients are in. But, according to new numbers published by SafeNet, those serving retail and healthcare businesses should be especially vigilant.
