Small Businesses Are Data Breach Victims, Too

September 27, 2015| Von Mindy Pollack | Cyber Risk | English

Region: North America

Did you know that a pizzeria in Maine fell victim to the same type of point-of-sale cyber attacks that are targeting big name retailers? I visited the restaurant while in the area to discuss Cyber Insurance at a Maine CPCU (Chartered Property Casualty Underwriter) event. That visit reinforced the reality that small businesses suffer data breaches and need  insurance protection as much as the Sonys, Home Depots and Anthems of our corporate world.

In a previous post, I discussed the significance of breach response services and why all insurers and vendors are not alike. In this post, I focus on why quality breach response service is so important for small businesses.

First, let’s get this out there: small businesses suffer data breaches, too. In preparing for the CPCU presentation, I found a resource for data on Maine that is available in several states - a list of all businesses that were breached and provided notifications to state residents. In other words, you can see the long list of all businesses that suffered a breach beyond the big names in the news. Most of the 661 breaches in Maine (over a nearly three-year period) involved large out-of-state companies, but not all. In addition to the pizzeria, breach notifications were sent by many small entities, such as:

  • Oil delivery company
  • On-Line and local retailer
  • Restaurant/brewery
  • Physicians practice
  • State historical society

Schools, banks and hospitals were also listed, as you would expect. The point is that local small businesses, which populate many insurance company books of business, had breaches triggering notification requirements.1  

How big a slice of the data breach pie is represented by small business? According to the 2015 Verizon data breach report, the picture looks like this:2

Second, breach response service is important to small businesses lacking the internal resources to deal with it. When Fortune 1000 companies are attacked, they have large IT and Corporate Law departments to help them through the disaster. They likely have general and specialized firms on retainer as well.

The small restaurant, oil delivery, doctor's office and retailer do not have those resources. Where can they turn when the unexpected happens? Who will guide them through the forensic, legal and public relations mazes that are part of data breaches?

By having Cyber Insurance protection, the small business can send an SOS and get quality forensic, legal and public relations support, with as much handholding as desired. That service is embedded in Gen Re’s U.S. Cyber Insurance product and provided by Beazley Breach Response (BBR).3  We partnered with Beazley because we wanted to offer deep expertise from handling all breach types and sizes combined with the dedication of a unit focused on smaller risks.

lf small businesses represent more than one-half of all breaches where size is known, and almost one-quarter of total breaches, the need for coverage cannot be ignored. You might think “It won’t happen to my insureds” but it could. If you have a pizza restaurant, oil delivery, doc office or retailer in your book, remember that it has happened to insureds just like yours. When they call for help, will you have a good answer?


1.The Maine site is A few other states offer similar access, such as New Hampshire at
2. Verizon defines small business as <1,000 employees.
3. Beazley received the highest industry rankings for breach response services. For more about their experience and expertise, go to

Our Expertise: Data Breach Response and Cyber Liability. Learn more about our insurance and reinsurance solutions.


Stay Up to Date. Subscribe Today.


Lernen Sie unsere Experten kennen

View Contributors