Data Breach Coverage: It's Better To Be Safe Than Sorry

With an estimated 1.8 zettabytes of information created and stored in 2011 alone, there has never been a more opportune time for hackers to challenge franchise data, according to an IDC Digital Universe study. Numerous yearly reports announce the increasing strain of data breaches among large and small businesses alike. Since it may seem impossible to predict and protect against each possible scenario, have you considered breach coverage or breach insurance to act as a fail-safe solution?

The real cost of compromise

What many businesses don't realize is that the compromise fine assessed by most merchant processors ($5,000 to $50,000) is only the beginning of penalties associated with a data breach. Other costs may include the following:

  • a required forensic investigation ($12,000 to $100,000);
  • onsite assessments by a certified Qualified Security Assessor (QSA) for years following the breach ($20,000 to $100,000);
  • an increase in monthly card-processing fees;
  • year-long credit monitoring services for compromised customers;
  • card reissuance penalties ($3 to $10 per card);
  • customer fraudulent charge reimbursement;
  • federal/municipal fines;
  • loss of customers;
  • brand damage, especially if negligence was a determining factor; and
  • legal fines, if sued by customers.

Breach coverage: the best medicine

For franchisees looking to mitigate business risk, breach coverage is no longer optional. Many professionals state, "It's not a matter of if you are breached, but when." When all other security protocols have been followed, breach coverage exists to address the financial hardships your business will endure in the aftermath of a compromise.

Financial assistance

Most breach coverage programs cover costs relating to a card data compromise up to a financial limit (e.g., $100,000). The best breach coverage programs cover all compromise expenses relating to the Payment Card Industry Data Security Standard (PCI DSS), HIPAA requirements, and the Gramm-Leach-Bliley Act data security standards. Beware of breach coverage or breach insurance programs that narrowly interpret industries, or that allow expenses to be spent only on specific fines and penalties relating to a breach. Breach protection makes the most financial sense when combined with other measures that reduce actual risk, such as internal scanning tools that help find and remove stored card data, and strong policies that help prevent data loss.

Security policies

Business security often fails because organizations lack security policies that regulate employee interaction with sensitive data. In fact, 87 percent of small and medium-sized businesses don't have a formal Internet security policy for employees, according to the National Cyber Security Alliance and Symantec. Some breach coverage programs include templates that offer general security guidelines that franchises may use to create customized company policies for employees to secure payment card processing.

Liability discovery tools

Unprotected card data is the number-one reason hackers target businesses. Implementing card data discovery is one of the most important security measures a franchisee can perform to immediately reduce liability. Most franchisees don't contemplate the entire lifecycle of data, and don't realize payment card data may be stored on their system. A card data discovery tool sniffs a network and locates unencrypted payment card data for secure deletion. A study by SecurityMetrics found that 71 percent of merchants store card data, often unknowingly. The key to effective card data discovery is to deploy a tool that searches quickly, accurately, and with as little disturbance to systems as possible. Some breach coverage products include such a tool to locate card data.

Is it worth it?

The cost and amount of breach coverage varies by provider. For example, SecurityMetrics Assurance includes card data discovery, a data protection policy, and security consulting, and covers $100,000 in the event of a breach. It is available to franchisors for as low as $70 per year per merchant ID (MID).

Reflect on these three factors when considering what coverage plan is right for your franchise:

  1. Flexibility. Will your vendor cover more than just regulatory fines, such as card reissuance and response costs?
  2. Coverage and premiums. How much will a breach coverage program cost you per month/year, and how much coverage does your franchise need? The size of your franchise will help determine which type of breach coverage fits best.
  3. Vendor options. Does your breach assurance provider include additional risk mitigation tools or discounts for PCI-compliant businesses?

If you handle, process, or transmit a single card over your network, you are at risk of financially damaging your business. To fall back on the overused phrase, it's better to be safe than sorry with breach coverage.

Peter Clark is manager of franchise sales at SecurityMetrics, responsible for establishing and fostering relationships with franchisors, strategizing corporate payment security initiatives, and internally centralizing franchise communication. He can be reached at or 801-995-6431.

A Franchise Update Media Group Production