man on tablet

What is a cybersecurity breach?

It’s an unexpected, unintended, and/or unauthorized interference with an organization’s technology systems or the data the organization maintains. Today it’s been redefined in simpler terms:

It’s the risks businesses are exposed to by their very existence.

Costly? Yes. And not surprisingly, some companies don’t even realize they have suffered a cybersecurity breach:

  • 76% of business owners report that they believe it’s important to establish security practices and policies1
  • But only 47% say they have established security practices and policies1

Who causes a breach?

When we think of cyber attacks, we usually think of a hacker inserting a virus or malicious code into a computer system or network. But data breaches can be caused both intentionally and unintentionally by various types of users:

  • 52% of all data breaches (for small, medium, and large companies) are due to malicious or criminal attacks
  • 48% of all data breaches are due to system glitches (non-employee errors) and employee errors

What could a breach cost you?

  • It’s possible that a data breach could cost your business as much as $225 for each lost or stolen confidential record2
  • Small- and medium-sized businesses ended up spending over $1 million on average in 2017 on damage or theft of IT assets or infrastructure3
  • They also spent an additional $1.2 million due to disruption in business operations3

That totals over $2 million on a single incident.

Could it happen to you?

Small businesses can be a target for hackers because they tend to be more vulnerable:

  • 61% of small- and medium-sized businesses reported experiencing a cyber attack in the past 12 months, up from 55% in 20163
  • Only 21% of small- and medium-sized businesses rated themselves a 7 or above on a 10-point scale when it came to their IT security effectiveness3

What can I do to help protect my company against cyber attacks?

Here are some best practices:4

Security and defense systems

Put multiple, overlapping security and defense systems in place. These include firewalls, data encryption and antivirus security software.


Receive alerts for new vulnerabilities in vendor systems and platforms, and be sure to install any patches.

Password security

Implement a password policy to ensure the security and confidentiality of data.

Employee education

Educate employees on good security practices, and teach them how to spot phishing emails.

Disaster recovery plan

Develop a formal, well-tested disaster recovery plan. Update it regularly and make sure everyone involved in the plan understands his or her specific responsibilities.

Formal data retention, archive and destruction plan

Implement a formal data retention, archive and destruction plan and be sure to monitor it closely to ensure that it is followed.

Potential benefits of having cyber liability insurance:

  • Cover legal fees and expenses associated with a data breach
  • Pay for a professional information technologies review to determine the extent of personal data compromise
  • Notify customers about the breach
  • Restore control over customers' personal identity, within the constraints of what is possible and reasonable
  • Pay an outside firm to research, re-create and replace data lost or corrupted

Learn more about how cyber liability insurance can benefit your business from attacks and data breaches.

Will we be more susceptible in the future?

Cyber threats continue to grow as the Internet of Things (IoT) and the number of devices used by businesses continue to increase. Automated equipment, machinery, components, appliances, sensors, control panels and mobile devices increase the vulnerability of a computer system or network in several ways:

  • They often utilize unsecured or poorly secured wireless or cellular networks to transmit data
  • Mobile devices such as a land surveyor’s GPS equipment or an EMT’s mobile monitor are more susceptible to theft, allowing thieves direct, physical access to a network
  • Connected equipment and devices can be hijacked and used to launch dedicated denial of service (DOS) attacks, allowing the attacker to hide behind someone else’s IP address and computer
  • Connected equipment and devices that are widely manufactured and distributed, such as baby monitors, alarm systems and streaming devices often use the same security protocols on every device manufactured

Find out what cyber coverage works best for you.

Small Business Icon
Learn more about Nationwide business insurance Talk to a specialist  

1 Nationwide’s fourth annual Business Owner Survey (2018); Nationwide commissioned Edelman Intelligence to conduct a 20-minute, online survey between April 9-20, 2018, among a sample of 1,000 U.S. business owners. Business owners are defined as having between 1-499 employees, being 18 years or older and self-reporting as either a sole or partial owner of their business. The margin of error for this sample was +/-3 percent at the 95 percent confidence level. As a member of CASRO in good standing, Edelman Intelligence conducts all research in accordance with Market Research Standards and Guidelines.
2 2017 Cost of Data Breach Study: United States, Ponemon Institute, June 2017
3 2017 State of Cybersecurity in Small & Medium-Sized Businesses (SMB), Ponemon Institute, September 2017
4 Symantec Internet Security Threat Report, April 2017

This information is designed for informational purposes only. It is not legal, tax, financial, or any other sort of advice; nor is it a substitute for such advice. The information on this site may not apply to your specific situation. We have tried to make sure the information is accurate, but it could be outdated or even inaccurate, in parts. It is the reader’s responsibility to comply with any applicable local, state, or federal regulations, and to make their own decisions about how to operate their business. Nationwide, its affiliates, and their employees make no warranties about the information, no guarantee of results, and assume no liability in connection with the information provided.

Insurance terms, definitions and explanations are intended for informational purposes only and do not in any way replace or modify the definitions and information contained in individual insurance contracts, policies or declaration pages, which are controlling. Such terms and availability may vary by state and exclusions may apply.