What type of data do you collect and store about customers, employees, and businesses? Do you rely on an online presence and use e-commerce? Do you store data on cloud storage? Or have employees who use their personal devices for work? These are only a few situations that have been proven to increase the risk of a cyber attack.
Cyber risks are relatively new, but quickly growing to be a substantial exposure to all businesses, big and small. The possibility of cyber liability lawsuits is a reality that every business owner should consider, especially small business owners. Small businesses feel the effects of cyber attacks stronger due to limited resources. Thus, are more vulnerable.
The negative effects and risks of a cyber attack include:
- Identity theft & personal information of you and your clients released (credit card numbers, passwords, address, email address, social insurance number, etc.)
- The significant loss of time and money to resolve the situation
- The loss of trust and credibility with your stakeholders.
- Loss of intellectual property
%
of businesses affected say they've lost customers due to a privacy breach.
What Is Cyber Liability Insurance?
According to some sources – it’s not a matter of if, but when, your business wil be attacked. When your business undergoes a cyber attack, cyber liability insurance provides solutions to help protect and restore your business, reputation, and your customer’s trust. Cyber liability also can cover legal costs in case of a lawsuit. As cyber-attacks are on the rise, cyber insurance coverage acts as a risk solution. With the right cyber liability policy, you could avoid the expenses and harm to your brand that can otherwise result from a cyber breach.
Who Needs Cyber Liability Insurance?
Just about every business relies on an online presence and handles customer or client data online these days. Living in this new reality, every business should have at least basic levels of cyber insurance. Or at a minimum, consider what else may be needed to safeguard your business, regardless of industry.
Many businesses have learned the hard way that there’s no such thing as perfect cybersecurity. Although having security measures is extremely important, the truly dangerous part is once a data breach has occurred. Since cyber-attacks are not fully within your control, breach response is something you can plan for. Cyber Liability Insurance helps transfer those exposures to the insurance company.
%
In 60% of cases, attackers are able to compromise an organization within minutes
%
of users open emails and click on phishing links within the 1st hour
%
of Canadians would rather do business with companies that have a good reputation for privacy practices.
What does Cyber Liability Insurance Cover?
First-Party Coverage
First-party coverage handles the costs associated with the direct response to a cyber attack/event to your business. When a cyber-attack is suspected, these coverages and resources go into immediately resolving and mitigating the problem.
Examples include the cost of:
- determining the size/cost of an event
- legal advice
- hardware replacement or data restoration
- credit monitoring and crisis management (public relations to manage reputation)
- business interruptions
- notifying affected parties
Third-Party Coverage (Legal Costs)
This coverage is designed to cover the costs of the after-effects of a cyber attack or breach on other companies. Often these costs are greater than first-party coverage costs.
Examples include the cost of:
- privacy liability lawsuits by employees or customers affected by the data breach
- copyright lawsuits after intellectual property is exposed
- breach of contract and negligence lawsuits
- investigations, fines and penalties (insurer dependent)
Cyber Liability can include the following coverages:
Network Security & Privacy Breach
Helps you react quickly in the event of a data breach.
Privacy Regulatory Defense and Penalties
Digital Asset Loss
Covers cost to replace, restore or re-collect digital property from written or electronic records.
Privacy Breach Coverage
Covers privacy breach expenses, and optional privacy breach liability (covers defense costs)
Business Interruption Loss
Covers certain loss of income resulting from the breach.
Cyber Extortion Threat
Offers financial support to meet a hacker’s ransom demand.
Common Cyber Attack Methods
Crimeware/ Malware
Once having invaded a system, hackers have full control of the machine to access/share all confidential data.
Ransomware
Malicious software blocks access to devices, systems, or files until the user pays a ransom.
Miscellaneous Errors
Errors made by insiders, usually by delivering confidential information to the wrong party, publishing the wrong content, or an error in disposing information.
Denial of Service Attacks
Occur when a legitimate individual cannot access a website due to a hacker flooding the website with more traffic than it can handle.
Phishing
Attacker gets victims to take on an action (opening a malicious attachment or clicking on a bogus link) by appearing as a trusted source.
Common Breach Scenarios
Lost or stolen devices (mainly laptops and storage devices)
Improper document or office equipment disposal
Breach caused by a third-party vendor
Accidentally mailing or emailing the wrong individual
Unintended posting or sharing of sensitive data
Employees that use personal devices at work / Store data on cloud storage
Were found to experience more impactful cyber incidents.
Important Points To Note
- Business Owners are required by law to report cyber attacks and breaches. Companies must also maintain a record of every breach incident that occurs within their organization, and keep those breach records for a minimum of two years.
- Small companies are often the targets of cyber attacks due to their lack of security measures.
Learn more about cyber security and what you can do to minimize the risks below:
Sources:
49% Stat – Symantec 2012, State of Information Survey
60% & 49% Stat – 2015 Verizon Data Breach Investigations Report.
81% Stat – https://www.priv.gc.ca/en/
Insurance Bureau of Canada
Privacy Breach Fact Sheet – Aviva