Large corporations have entire departments dedicated to cybersecurity because they know how serious the cost of a privacy breach can be — both in terms of their reputation and their immediate bottom line. Small and mid-sized businesses (SMBs), however, are at just as much risk, sometimes more.

“There’s a misconception that hackers only target big companies,” says Tracy Krunic, Vice President for Commercial Lines at Intact Insurance. “Any small business that collects any amount of personally-identifiable information is at risk.”

Vigilance is key to cyber resilience

When SMB owners are serving as the head of the IT, HR, sales, and administrative departments, it can be easy to let this risk fall off the radar — but the consequences can be potentially catastrophic, both financially and legally. “It’s important that people understand what their legal obligations are,” says Krunic. “Canadian privacy breach notification rules are changing on Nov. 1st, so it’s a great opportunity to take the time to get educated on them.”

Fortunately, SMB owners are increasingly realizing that cybersecurity is not just an IT issue, but also a governance issue. Having an appropriate cyber-insurance policy is just as important as insuring against fire or flood. “The options for cyber-insurance are growing every day, just as the risks are,” says Krunic. “Business owners should speak with their broker to find out the best policy for their needs, just as they would for insurance against fire or liability.”

Newer policies specifically insure against privacy breaches and the expenses that follow, from remediation to credit and fraud monitoring, and from legal expenses to potential loss of income stemming from business interruption. “The cost is pretty minimal compared to what it might cost you after a breach if you don’t have protection,” says Krunic. “It’s a growing concern, as more and more businesses are taking aspects of their operations online. The peace of mind is absolutely worth it.”