The Small Business Administration has reported that the cost of regulatory compliance for small companies is 36% higher than for large companies. That's not good news for America, since small businesses – especially micro businesses – are the nation's primary source of new jobs.
Certainly, the more business owners have to allocate employee talent and financial resources to keep up with regulations, the less they can allocate to new product innovation and other productive job building pursuits.
One area of fast-changing state and federal regulatory overload involves data management. Companies that keep credit card information for online and mobile transactions, social security numbers or medical information are especially vulnerable to data mishaps from lost laptops or theft. These regulations affect startup Internet companies as well as the neighborhood chiropractor, bookkeeper and used car dealer.
"For small businesses, any single incident can turn into a costly nightmare of administration associated with notifying customers and complying with state laws," says Ray Sprague, senior vice president of small business commercial insurance for The Hartford.
When small businesses experience a breach of data security, it is the company's responsibility to quickly understand its legal responsibilities for notification to potentially affected consumers or employees plus implement administrative cures to help prevent future breaches. The surprising gotcha to business owners is not all data breaches involve criminals, but simple clerical errors. And even if there isn't any apparent "harm" small business owners are still obligated to follow specific rules, which vary state to state, to notify individuals, pay for credit monitoring services or implement other administrative remedies.
Matt Cullina, CEO of Identity Theft 911 says that the total legal and administrative costs of responding to a first time data breach can be as high as $100 per personal data record, which can overwhelm most small businesses in terms of time management and financial liability.
So what can you do to protect your business from malicious data theft and the regulatory aftermath? In partnership with Identity Theft 911, The Hartford recently introduced a practical approach to helping small business owners minimize many of the most costly problems associated with electronic or physical paper data breaches.
Small business owners can purchase different levels of additional coverage to a standard small business general liability policy. This coverage includes access to a broad range of information services and tools provided directly by Identity Theft 911 to help business owners beef up their internal administrative controls for more secure data management. And if the unthinkable happens, business owners can immediately tap into crisis management expert assistance to take the guess work out of time-sensitive regulatory compliance. The coverage can also cover customer notification expenses and good faith advertising to help repair a company's public reputation.
What I like about this coverage is that it is available to any kind of small business organization -- sole proprietorships, corporations or limited liability companies. Even better, business owners can keep track of changing regulations and receive best practices guidance at a far lower annual cost than a single visit to a local attorney. According to Lynn LaGram, assistant vice president of The Hartford's Small Commercial Underwriting, the average first party data breach endorsement policy costs under $75, depending on the nature and volume of sensitive data collected as part of a company's operations.
Unfortunately, small businesses are a top target for a growing range of cyber crimes. Perhaps thieves assume that small businesses just don't have the technical resources to protect against malicious hacking. It's something business owners can't ignore any more because states are no longer giving small businesses a free pass on their data management obligations. It's time to upgrade their online and offline administrative practices, plus put in place some partners to help manage the fallout in the event of a breach.
Susan Schreter is a 20-year veteran of the venture finance community and entrepreneurship educator. Her work is dedicated to improving startup longevity in rural, urban and suburban America. She is the founder of www.takecommand.org, a community service organization that offers the largest centralized database of startup and small business funding sources in the U.S. Follow Susan on Twitter @TakeCommand.