Most small private companies ignore the risk of data breach, despite serious concerns over the financial consequences of a breach, according to a just-released survey from Chubb.
Some 92 percent of executives surveyed did not believe it likely that they would endure an electronic breach of confidential customer information that would require them to comply with costly notification laws in more than 40 states.
WhatÃ¢â‚¬â„¢s more, most (67 percent) of the companies in ChubbÃ¢â‚¬â„¢s survey do not have an incident response plan for an electronic security breach.
Yet a breach of electronically-stored private customer data was seen as the third most financially damaging event a company could experience, according to the survey.
The findings come as a list compiled by the Privacy Rights Clearinghouse shows that more than 500 million sensitive records, such as personal medical records, credit cardÃ‚ and social security numbers,Ã‚ Ã‚ have been compromised due to data breachesÃ‚ in the U.S. since 2005. And the Clearinghouse says this is only a fraction of the total number of breaches.
Ahead of data breaches, an employment practices lawsuit followed by employee theft were the most financially damaging events a company could experience, according to ChubbÃ¢â‚¬â„¢s survey.
Nearly one in five (16 percent) of those surveyed expect an EPL charge would be lodged against their firm in the next 12 months.
Meanwhile, 54 percent expect their employees would steal company funds, equipment, inventory or merchandise in the next year. Just 30 percent of companies have experienced such thefts in the past five years.
The Chubb Private Company Risk Survey interviewed decision makers at 451 U.S. for-profit companies, more than 90 percent of which had annual revenues of less than $25 million.