Assessing and Mitigating Data Breach Risks for Commercial Lenders

by: Smith and Howard

October 14, 2015

Hackers may steal sensitive data from retailers, manufacturers, health care providers, contractors and professional services firms of all sizes. However, closely held borrowers stand to lose the most, because they typically lack the resources to absorb losses from a data breach. In a high-tech world, every lender’s due diligence should include an inquiry into its borrowers’ data protection efforts.

Coping with rising costs

In May, the Ponemon Institute, an independent information security research firm, published its annual Cost of Data Breach Study, which revealed that the average data breach in the United States costs $6.5 million. This is 11% higher than Ponemon reported in its 2014 study. U.S. data breaches cost an average of approximately $217 for every lost or stolen record — the highest of all 11 countries in its 2015 global study.

There are several explanations for the rising cost of data breaches, including the growing frequency of sophisticated, malicious cyber attacks and the mounting costs to resolve security incidents. Costs that borrowers may incur during a data breach vary significantly by industry. For example, health care companies tend to lose more per stolen record ($398) than entities in the public sector ($73) or hospitality industry ($135).

When tallying up fraud losses, stolen assets (such as customer lists and trade secrets) and lost profits are the most obvious direct costs. Data breaches disrupt normal business operations and make customers leery.

Plus, victim organizations need to spend money to recover stolen data, respond to customers and other stakeholders, and remedy weaknesses in the company’s internal controls that provided an opportunity for hackers to steal the data. And over the long run, data breaches can tarnish a borrower’s reputation and goodwill in the business community, especially when they happen more than once.

Taking charge

Many companies purchase data breach insurance as an addendum to their commercial liability coverage. But the Ponemon study reports that insurance protection reduces data breach costs by an average of only $4.40 per record. So, borrowers need to take direct action to reduce the risk of a data breach.

To assess a borrower’s risk level, ask what management has done to:

  • Encrypt electronic data,
  • Secure computers, smart devices and other IT equipment, including those used off-site,
  • Train employees,
  • Formalize protocols to protect (or safely destroy) paper records and computer equipment, and
  • Establish a data breach incident response plan and team.

Just as cyber criminals work collaboratively to steal data, businesses also should collaborate with supply chain partners to defend against data theft. A borrower is only as protected against a data breach as its weakest supplier or customer.

Have questions about data breach risks for commercial lenders? Or, are you looking for more information on our commercial lender services, including SBA valuation? Contact Timothy Howe at 404-874-6244 or fill out our form for more information. 
