Why Buy Cyber Insurance?

Rehana MoosaBy Rehana Moosa

At a time when many businesses are suffering financially due to the pandemic, business owners may feel that cyber insurance is an unnecessary luxury.  After all, what are the odds that a hacker will attack their small business?

The odds are actually quite high.  Most cyber attacks target small businesses because they tend to invest less in cybersecurity, while still holding a treasure trove of personal information about employees and customers that cyber criminals can use to extort a ransom from the business.


According to a poll commissioned by the Insurance Bureau of Canada in 2019, 60% of small businesses do not have cyber insurance.  So what are the benefits of having cyber insurance?


Faster recovery time


In today’s digital age, businesses are increasingly reliant on technology and data to operate.  Any disruption to access to the technology and data can have a significant impact on a business’ ability to earn revenues.


Cyber insurance potentially allows businesses to recover systems and return to normal operations faster.  Cyber insurance compensates policy holders for losses of income as well as extra expenses required to restore systems (e.g. employee overtime).  Businesses that do not have cyber insurance will incur these losses out of their own pocket.


Cyber insurance policies also cover ransom payments, should a policy holder choose to pay it.  If a ransom is paid, the business may be able to resume operations and mitigate any loss of sales or customers.


Access to experts


Cyber insurers will typically have a panel of experts that policy holders can access once they file a claim.  These experts include lawyers, forensic accountants, computer forensics specialists, and public relations firms, and are pre-vetted by the insurance company. 


Access to experts that are ready to start working on your case is vitally important when dealing with a cyber attack.  Given the frequency and severity of cyber attacks in recent years, there is significant demand for experts who have experience in this area.  It can be very time consuming for policy holders to identify and retain experts on their own, especially during the initial chaos of a cyber attack. 


Assistance with potential litigation


In a previous blog post, we discussed the difference between first party and third party cyber coverage.  Under a cyber policy, third party coverage applies when, for example, a company experiences a data breach, and confidential information about customers is exposed.  If customers seek compensation for any losses suffered from the company, a claim can be filed under its third party cyber coverage.


As of November 1, 2018, the Privacy Commissioner of Canada implemented enhanced reporting and notification requirements when an organization suffers a privacy breach.  Third party cyber coverage can help businesses deal with the aftermath of data breaches.


Third party cyber insurance can cover the payment of damages and settlements, as well as fines imposed by regulatory bodies.  It can also cover various expenses to investigate and defend a claim made against the policy holder.  These expenses include legal fees, credit monitoring services provided to impacted individuals, the cost to set up a call centre to assist customers whose information may have been exposed, and costs incurred to notify impacted individuals about the breach. 


Access to resources


Some insurance companies are now providing various cyber security services to policy holders, in an effort to help businesses prevent cyber attacks.  Some of the services currently offered include:


  • Cyber security training, provided either online or in person, to the employees of policy holders.  Since many cyber attacks can occur as a result of human error (e.g. through a phishing scheme), the training can provide employees with a better understanding of how to identify potential cyber threats, and their role in keeping the organization safe.
  • Cyber risk assessments, where experts will evaluate the policy holder’s systems, identify potential vulnerabilities, and recommend ways to strengthen the organization’s security.
  • Consulting services, which provide access to legal, computer forensics, and cyber security experts to help organizations understand the specific risks facing their business, and how to prepare for a potential cyber attack.


Although cyber insurance premiums are expected to increase significantly over time, it is still worthwhile to consider purchasing this coverage in the event you are the target of a cyber attack.  Regardless of the cost of the premiums, it is likely significantly less expensive compared to the cost of recovering from a cyber attack.


Contact us to learn more.   647-426-0146  |

Communications are intended for informational purposes only and do not constitute legal advice or an opinion on any issue. For permission to republish this content, please contact Rehana Moosa Forensic Accounting Professional Corporation.

Back to Knowledge

Related Knowledge

Common Exclusions Under Cyber Insurance Policies

Understanding the types of losses and costs that cyber insurance excludes is as important as understanding…read more

Document Requests for Fidelity / Crime Insurance Claims

When reviewing or preparing a fidelity / crime insurance claim, the documents required to substantiate…read more

What Does Cyber Insurance Cover?

With the significant increase in the number of cyber attacks over recent years, cyber insurance has become…read more

What To Do If You Suspect Fraud

When business owners first suspect an employee of fraud, it is important to take the right steps at the…read more

Decrypting Cyber Insurance

Purchasing a cyber insurance policy can be challenging – there are many exclusions and limitations and…read more


The RMFA Difference

Regardless of background or level of knowledge, all our clients are treated with professionalism and respect. All files, regardless of size or complexity, are treated as a top priority. That’s our promise.