In the last couple of years, the news has been filled with reports of big companies and public institutions falling prey to cyberattacks. However, if you run a small or medium-sized business you could easily be a victim too. Cyber risk liability insurance can protect your company.
Is cyber insurance needed?
Businesses of all sizes should have it. According to a report by the Business Development Bank of Canada, 16 percent of small businesses and 28 percent of medium-sized businesses say they have been targeted. Cybercriminals often view smaller companies as easier marks because they may lack the sophisticated defence systems employed by big firms.
Ransomware criminals can seize your computer network and won’t release it until you pay the ransom. The BDC found that ransomware crimes are up 170 percent in the past year. Phishing scams can allow thieves to access your vital customer data. Cloud-based data storage can be breached and credit card information exposed.
Cyberattacks can be expensive. In the BDC study, 30 percent of victims reported costs of more than $50,000.
If you do any of the following, you should have breach insurance protection:
- You store data on computer networks or in the cloud
- You provide software or hardware services
- You use point of sale
- You store customer data, including medical, personal and credit card information
What is cyber insurance?
Cyber insurance can compensate your company for a wide range of attacks, including malware, ransomware, data theft and breaches of your cloud security. Just about any company can be the target of an attack so it’s wise to consider this coverage.
What’s does cyber insurance cover?
Check with your insurance broker to determine what your policy will cover. Many business owners wait until after an attack to inquire and then realize that their insurance was not as comprehensive as they expected.
According to the Insurance Bureau of Canada, cyber risk liability insurance normally includes:
- The cost to respond to an incident
- Civil fines resulting from regulatory proceedings
- Legal costs and possible damages sought by customers
- The cost to notify affected parties
- Bills for public relations and crisis management experts
- Help from forensic investigators to determine the cause and extent of the breach
- Professionals to negotiate with the cybercriminals and potentially pay the ransom
- Repairs to your network and software
- Business interruption expenses
Here are some examples:
Online counsellor: Jane is a psychotherapist who conducts online one-on-one sessions with her clients. She is hit by a cyberattack and confidential patient data and credit card information is stolen. The insurance pays for the cost to notify clients and for legal costs.
E-commerce company: Waheed runs a successful online store for racquet sports, including pickleball, tennis, squash and badminton. He ships sports equipment across Canada. His system is hacked and the credit card information of thousands of clients is stolen. His insurance pays for repairs to his data system, the cost of notifying customers and legal expenses.
Law firm: Tony, a financial controller, got a call seemingly from the firm’s bank. The banker said that some suspicious wire transfers had been flagged and that he needed the account password and pin to freeze them. Tony gave the information and the transfers were blocked. However, the next day the controller checked with the bank and found out that no employee had made such a call. Upon further investigation, it was found that the fake banker had wired $75,000 to an overseas account. The bank refused to compensate the law firm for the loss since its employees were not involved and the controller gave out the password details. Fortunately, the firm had cyber insurance and was able to make a claim for the missing funds, less the deductible.
What does cyber insurance not cover?
Of course, this depends on your policy. However, the most common exclusions from cyber insurance are:
- Hacking or vandalism caused by one of your employees
- Damage due to a power surge
- Patent infringement
How much does cyber insurance cost?
It depends on the size of your company and the type of products and services that you provide. If you store a lot of customer data, the cost will be higher.
You can reduce the cyber risk liability insurance price by having in place strong security systems. It’s also important to train your employees at all levels to be on guard for cyberattacks.
For a small- or medium-sized business, the cost would between $750 and $1,000 per year, according to Zensurance
Cyber insurance companies in Canada
Here are just some of the firms that provide cyber insurance in Canada:
Travelers Canada
Chubb
Victor Insurance
Zurich Canada
SGI Canada
What other types of insurance coverage do businesses need?
Depending on the type of business, you may require this coverage:
- Commercial property insurance: Protects you if you own or lease commercial property, such as a store or an office.
- Product liability: Covers you if you manufacture or distribute a product that injures a customer
- Construction insurance: There are several types of insurance for the construction sector
- Errors and omissions: Covers professionals who provide advice and consulting services, such as lawyers and accountants
- Health insurance for you employees: A benefit to help you recruit and retain staff
In the case of health insurance, you can consider an alternative if you own a business. Instead of purchasing insurance, you can set up a Health Spending Account.
With technology being so prevalent in almost very sector, cyber insurance is vital. Even small companies can be targeted by cybercriminals. Contact your insurance broker to determine what you need and how it can protect you.
