Q&A with Joseph Talmadge
Many small businesses are utilizing third-party software companies, oftentimes larger companies, to help run their businesses, primarily for payment processing and administrative services. To the extent that another company hosts the technology infrastructure for a small business, there can be risk that was not considered because the small business is focused on its core competency. Oftentimes, little thought goes into the risk management standards of the partners that a small business is doing business with. An easy example is any company using a credit-card processing system or an HR and payroll admin system.
There are several large companies that run HR and payroll software and house personally identifiable information, and there are many emerging payment-processing companies. These software companies provide a valuable service. That’s great and it makes life easier, but how many small companies are actually asking for the details of the E&O policy for these software companies or the PCI compliance of their payment processor? Most small businesses don’t ask.
Also, it is quite common today to have a cloud platform being used on the back end to run whatever service the business is providing. If that third-party service goes down, has the question been asked: what’s my business interruption risk? Your traditional business interruption insurance simply will not cover this. As a small business, they may not have thought about how another company’s system going down might impact theirs.