Cyber Crime and Data Breach Considerations for Small Businesses

Did you know that, of the cyber crime cases reported to Action Fraud, 35% relate to businesses with fewer than 10 employees, and a whopping 59% to businesses with fewer than 50? This suggests that small businesses may be particularly vulnerable to data protection breaches.

The General Data Protection Regulation (GDPR) defines a personal data breach as:
“A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to, personal data transmitted, stored or otherwise processed.”

Essentially, any cyber-attack that renders personal data unavailable to the business, or available to unauthorised persons, is a Data Breach. Where this affects the rights and freedoms of natural persons, it would need to be notified to the supervisory authority within 72 hours.

The GDPR brought in new Rights for Data Subjects, including redress in the event of a Data Breach; this incorporates non-material damages and distress. Data Subjects can support their own claims against a business by submitting a Data Subject Access Request under their Right of Access, to discover what happened with their data and how the breach occurred. With PPI Claims now brought to a close, there is evidence that PPI lawyers are moving their attention to data breach claims. You can see that this poses a potential risk, particularly for SME Businesses.

What can you do to protect yourself?

  • Consider your Risk Management – identification, analysis and control of the risks.
  • Manufacturers have built in two-factor authentication for logging into systems and portable devices – this should be turned on and used.
  • Password protection can be a good way of protecting documents where available. The latest software versions can provide very good protection, so even if attackers are able to enter a system, the personal data may still be secure.
  • Think ahead. What will you do in the first 24 hours of a cyber-attack, particularly if your system is locked out and you don’t have access to it? Are there telephone numbers or security details that it would be helpful to have in a separate secure location?
  • You may consider Cyber Liability Insurance to protect yourself and your business in the event of a cyber-attack. Insurance can cover such areas as:
    – Assistance and costs in the event of a Data Breach
    – Hacker damage
    – Unintentional transmission of a virus
    – Ransomware – cyber extortion
    – Business Interruption – compensation for loss of income in the event of an attack that prevents you earning revenue and
    – Crisis containment – offering expert support to mitigate reputational damage

Getting good quality advice from a reputable broker is always advisable, to ensure that you have the right cover for your own specific business requirements.

It will be important to consider the needs of your specific business, its size and complexity, to ensure your peace of mind if the worst were to occur. However, these simple steps may help you to control the risks and effects of a potential cyber-attack.

About Balens Specialist Insurance Brokers
Established in 1950, Balens are a fourth-generation, ethical, family-run Insurance Brokerage focusing on guidance, support and service.

We specialise in Insurance for Health, Well-being, Fitness and Beauty Professionals and their businesses, Affinity Groups and Not-for-Profit Organisations. We offer a wide range of insurance services for both individual and business requirements.

For further details please visit our website at

Facebook: @BalensLTD