Cyber-attacks are commonly known as organizational risks that businesses can be exposed to – they can originate from the comfort of a hackers’ home, anywhere in the world and with a simple click of a mouse. Regardless of the size of your organization, an organization’s operations are susceptible to online attacks from hackers and other criminals lurking online. A corporate website that does not meet best practices for information security could not only compromise proprietary data and information about the company’s clients, it could expose the organization to liability for not protecting its data.

Organizations should also take special care in securing mobile devices that contain client, employee, volunteer and/or member data.  The use of stolen smartphones, laptops, USB flash drives and tablets can provide access to your network when in the wrong hands.

According to netwrix.com, criminal hackers are devising new techniques all the time to attack organizations. Here are a few of the most common methods:

• Phishing: An attacker pretends to represent an organization to trick users into taking an action (such as opening a malicious attachment or clicking on a bogus link) that he or she would normally not take.
• Malware: Harmful software takes control of a machine, monitors user actions and keystrokes, and/or sends confidential data from the infected computer or network to the attacker’s home base.
• Denial of service attack: The hacker floods a website with more traffic than it was built to handle, making it impossible for legitimate visitors to access the site.
• Ransomware: Software that encrypts files to prevent users from accessing them and then demands payment for their safe recovery.

Spoofing: A cyber criminal impersonates another user or device to attack network hosts, steal information, spread malware or bypass access controls.

According to IBC, cyber insurance has evolved over the years as earlier iterations of cyber policies focused more on third party indemnity coverage and defense.  Now, the majority of markets will provide full limits on their forms. Regulatory fines and penalties, cyber extortion and first party business interruption followed soon after. Over the past few years, system failure coverage, social engineering, dependent business interruption and property damage to hardware and devices have been added. Cyber coverage is changing all the time – in line with the speed of change in the technology industry.

We hear about stories of cyber crime all the time. It used to be that most companies that fell victim to cyber attacks were large companies but it is now common for small businesses, non profits and sole proprietors to be impacted. This shows that there are risks that all businesses need to be aware of and prepare for as threats rapidly evolve from standard viruses to more complex vulnerabilities.

With new mandatory breach notification regulations enforced in Canada, IBC has stated that businesses should also have a heightened awareness of the need to comply with guidelines around record-keeping of data breaches and customer notification set out by the federal government, as should their brokers.

The biggest issue with a cyber attack is the cost to the business. The Ponemon Institute’s study around the costs of data breaches in Canada stated that the average total cost of a data breach for companies was $5.78 million in 2017 based on actual data loss incidents that affected 27 companies across 12 industry sectors. Cyber insurance can keep companies, no matter their size, from feeling the heavy weight of a data breach on their bottom line.

Cyber liability insurance, which is often excluded from a general liability policy, can offer a variety of coverages to businesses for breaches involving sensitive customer information, including:

• First party coverage to reimburse them for expenses incurred from the cyberattack
• Third party liability to protect insureds in the case of a hack of their data that impacts another business

Other coverages can also include business interruption, privacy liability, costs of notifying customers, legal expenses, recovering compromised information, and repairing damaged computer systems

If you’re considering purchasing cyber insurance, consider these 5 questions first:

1. How many records containing sensitive information does your organization retain or have access to?
2. What security controls can you put in place to reduce risk of having your system compromised?
3. Do all portable media and computing devices need to be encrypted?
4. What about unencrypted media in the care, custody or control of your third-party service providers?
5. Could you make a claim if you were unable to detect an intrusion until several months or years had passed?

So, if you are interested in learning more about cyber insurance and the coverage we can offer you please get in touch with us. We have a number of skilled insurance agents that have helped businesses like yours to protect their data and provide peace of mind for their business. Let us help you achieve the same in yours in 2020 and beyond.