Get prepared for the inevitable data breach


Michigan Retailers Association had to utilize their disaster plan in December when a sewer pipe burst on the third floor of the headquarters building. Thankfully, it was, in the grand scheme of things, a minor disaster (we have plans for small, medium and large events) and was easy, though messy and a little smelly, to resolve.

That made me think of small business owners. As a young man, I was a Boy Scout and the Scout motto was “Be Prepared.” Are you prepared?

Much like people don’t want to talk about funerals and other end-of-life issues, the whole concept of disaster planning is not what gets most business owners going on a Monday morning.

While everyone hopes their business is never subjected to a cyber attack, the fact is that bad things happen. The latest Verizon report stated that 43% of all cyber attacks are targeted at small businesses. Hopefully, it will never happen to your business but now is the time to make sure your business is handling cyber security correctly. Everyone should think about digital disasters and “what if” scenarios.

As a business owner, if the unthinkable happens and you have a data breach of some sort, you will need to have a plan for what to do. In today’s litigious society, burying your head in the sand and hoping it goes away will only serve to make the subsequent lawsuits and government attention even more painful.

If you use Michigan Retailers Association for your merchant processing, we provide access to coverages with a limit of $100,000 per merchant number and a total limit of $500,000 per company. This coverage includes the needed tools to respond to this type of event. Review the coverages we provide at This will help you make sure you understand the areas that you need to be focusing on.

One nice aspect of this coverage is that we know you are not an expert in dealing with this type of situation and, if there is ever a cyber attack on your business that results in a breach, you will need professional assistance. By starting the process with a call to us or the claim department, you will be connected with one of the attorneys assigned to this program that will discuss the next steps in the process.

Once you are connected with this attorney, they will start the process of gathering information:
• Date of breach?
• Description of breach?
• Number of individuals affected?

Based on the above, the attorneys will determine the next steps:
• Forensic audit required
• Government mandated notification requirements
• Crisis management team needed to handle media issues
• Government fines or card association penalties

If a forensic audit is needed, they will coordinate those details with the appropriate vendor as well as notification requirements. Crisis management personnel are also available to help manage the media issues surrounding a data breach.

Your merchant processing relationship with Michigan Retailers Association also includes coverage for any fines or fees from the card brands or government agencies as part of the policy limit mentioned above.

Data breaches aren’t just credit card related. If you are a member of Michigan Retailers Association and also purchase your workers’ compensation insurance from Retailers Insurance Company, you have a very similar $100,000 coverage that is available, if needed. The RIC policy provides automatic coverage if your business account is hacked, with a sublimit coverage for ransomware attacks.

Ransomware is when a person accesses your computer and locks you out. They then demand payment to allow you to have access to your data. There are more and more reports in the media about businesses and governmental units being attacked this way.

As always, please feel free to contact one of our customer service team members if you have any questions about this issue or would like a copy of the coverages.