Our world is digital, and the collection of valuable data brings with it a new and frightening exposure to business owners and organizations of every size. A security breach in your computer system might cause drastic financial distress, but it could also bring a reputational hit, shaking the confidence of your clients or members and resulting in a much longer-term impact than you might anticipate.
Despite the wide media coverage of the security breaches that have happened at larger corporations over the past few years, including Wal Mart, Target and Sony, small businesses and not-for-profit organizations still have a tendency to believe they are not a target for cyber criminals. As a result, they are hesitant to spend the necessary time and money to improve the security of their computer systems. However, cyber attacks against small organizations are significantly on the rise, with small business accounting for over 70% of cyber breaches in Canada! With easier access to small business, the hacker is aware that a hack into the computer systems of an unprepared small business could easily provide a doorway not only to confidential customer information, but also a back door into larger partner supply chains.
Whether the breach of confidential data is a result of an attack conducted by a sole hacker, an organized cyber-crime group, or by the accidental loss or theft of an employee or volunteer’s laptop or smartphone, the result of the breach will be costly to the organization, unless Cyber insurance has been purchased!
Cyber Insurance
The Canadian insurance market offers many choices for Cyber Insurance. Often, the coverages may be selected and customized to meet the specific needs of the organization. Most commonly, a Cyber policy will provide two areas of protection:
- First party coverage expenses – to cover the costs incurred by the organization following a security hack. Costs and expenses typically covered by a Cyber policy include:
  - Crisis Event Management – the cost to hire a specialized public relations firm to mitigate negative publicity and restore confidence in clients/members/public.
  - Notification Expense – the cost to notify every client/customer/supplier/business partner regarding the breach and, where applicable, the cost to provide them with credit monitoring services.
  - Investigation and Remediation Expense – the costs to hire a Breach Response firm to assist and restore/replace/reproduce computer programs that were damaged or destroyed by the hack/virus/breach.
  - E-commerce Extortion – to replace money paid by a business to an extortioner, in response to a threat that confidential information will be disclosed to the public.
  - Loss of Earnings – to replace lost earnings if the business operations are interrupted as a result of the breach.
- Third Party coverage – providing legal defence to the business if a lawsuit is brought by disgruntled clients, customers, suppliers, business partners, etc. who allege they have suffered financially as a result of the breach of their confidential information.
Businesses and non-profits will benefit from a tailored cyber insurance policy, and the customizable nature of this product means organizations of all sizes may find their fit in coverage and pricing.
Consider the following when purchasing Cyber Insurance:
- Data – What is the nature of the data you hold? Is it primarily client/member contact details, or do you have more privileged information, such as medical, payroll, or credit card information? How many records do you retain?
- Protection – What protection measures do you have in place for your data? Is your organization using cloud-based services, like OneDrive or Dropbox, or do you store your information locally on a physical server or computer? Are anti-virus and firewall programs running and actively updated? Do you have password protection measures and limit access to only those who require the use of the data?
- Possible Loss – What is the possible scope of your loss? What is the potential damage to others if your data is breached? Would it be a loss of client email addresses, possibly some proprietary information, customer personal or business financial information, or private medical information, that could have serious ramifications?
Even when a breach involves only personal contact information (email addresses etc.) and there is no evidence of resulting malicious activity, Canadian courts are awarding a minimum of $500+ per lost record. If you hold hundreds or thousands of records, this will easily result in a financially devastating loss. The addition of a Cyber Insurance policy to your commercial insurance portfolio will not only provide peace of mind, but also grant access, through your insurance provider, to professional resources that will provide invaluable assistance to your organization, not only at the time of loss, but proactively, to prepare and manage cyber risk in advance of any breach.