A few weeks back, we opined about the need for cannabis companies to focus on data security in 2020. We noted that the industry was particularly vulnerable to data breaches given the sensitive personal information maintained by cannabis companies and the abundance of cash-strapped start-up entities in the industry.

Experian recently issued its “Data Breach Industry Forecast 2020” (available for download here) and echoed many of those same themes. According to the report:

Many burgeoning companies, like cannabis retailers, may not fully invest in protective, cybersecurity measures as core parts of their business models due to competing priorities. While any retailer is always a target for cybercriminals, cannabis retailers present a bigger target due to the nature of their business. And medical marijuana dispensaries may be an even bigger target due to the ready access they may provide to personal medical records, many of which may prove to be very valuable on dark web forums.

Cannabis companies remain cash-strapped due to limited access to traditional lines of credit and other funding sources. Nevertheless, we continue to caution cannabis companies against being penny wise and pound foolish by neglecting cybersecurity. The risks of attack are high and the consequences of a successful data breach could be catastrophic. Cannabis companies should invest appropriately in cybersecurity systems that defend against attacks and cybersecurity insurance that protects against both first-party and third-party loss.

We will continue to monitor cybersecurity issues here on our blog, and feel free to reach out to our cannabis, cybersecurity, and insurance teams with any questions you may have.