Seventy-five percent of insurance brokers and legal experts noted that their small business clients were either ‘not prepared at all’ or ‘not very well prepared’ to respond to a cyber incident,” according to a May 2017 report by U.S. data firms Advisen and Experian. The report highlights the “misconception that small businesses are too small to be targeted by hackers, when in reality they are often the lowest hanging fruit.” The report also states that less than a quarter of experts’ small business clients “were confident in their team’s ability to manage a cyber incident.”

Phishing and social engineering remain top concerns of risk managers and experts. As Aird & Berlis lawyers Paige Backman, Donald Johnston, and Meghan Cowan noted in a February 2017 webinar, 60 to 90 percent of threats of IT systems are caused by “insiders”— people who have authorized access to hard and soft technology assets, including employees, contractors, business partners, suppliers, service providers/subcontractors and technology escrow providers. Please access the webinar archive and PDF presentation for more information, including steps to mitigate threats to your IT system.

Data security risk increases in the context of employee turnover. Please see lawyer Aaron Baer’s recent post on how to protect sensitive and confidential corporate data when an employee leaves.