Knowledge

Why Buy Cyber Insurance?

Rehana MoosaBy Rehana Moosa

At a time when many businesses are suffering financially due to the pandemic, business owners may feel that cyber insurance is an unnecessary luxury.  After all, what are the odds that a hacker will attack their small business?

The odds are actually quite high.  Most cyber attacks target small businesses because they tend to invest less in cybersecurity, while still holding a treasure trove of personal information about employees and customers that cyber criminals can use to extort a ransom from the business.

 

According to a poll commissioned by the Insurance Bureau of Canada in 2019, 60% of small businesses do not have cyber insurance.  So what are the benefits of having cyber insurance?

 

Faster recovery time

 

In today’s digital age, businesses are increasingly reliant on technology and data to operate.  Any disruption to access to the technology and data can have a significant impact on a business’ ability to earn revenues.

 

Cyber insurance potentially allows businesses to recover systems and return to normal operations faster.  Cyber insurance compensates policy holders for losses of income as well as extra expenses required to restore systems (e.g. employee overtime).  Businesses that do not have cyber insurance will incur these losses out of their own pocket.

 

Cyber insurance policies also cover ransom payments, should a policy holder choose to pay it.  If a ransom is paid, the business may be able to resume operations and mitigate any loss of sales or customers.

 

Access to experts

 

Cyber insurers will typically have a panel of experts that policy holders can access once they file a claim.  These experts include lawyers, forensic accountants, computer forensics specialists, and public relations firms, and are pre-vetted by the insurance company. 

 

Access to experts that are ready to start working on your case is vitally important when dealing with a cyber attack.  Given the frequency and severity of cyber attacks in recent years, there is significant demand for experts who have experience in this area.  It can be very time consuming for policy holders to identify and retain experts on their own, especially during the initial chaos of a cyber attack. 

 

Assistance with potential litigation

 

In a previous blog post, we discussed the difference between first party and third party cyber coverage.  Under a cyber policy, third party coverage applies when, for example, a company experiences a data breach, and confidential information about customers is exposed.  If customers seek compensation for any losses suffered from the company, a claim can be filed under its third party cyber coverage.

 

As of November 1, 2018, the Privacy Commissioner of Canada implemented enhanced reporting and notification requirements when an organization suffers a privacy breach.  Third party cyber coverage can help businesses deal with the aftermath of data breaches.

 

Third party cyber insurance can cover the payment of damages and settlements, as well as fines imposed by regulatory bodies.  It can also cover various expenses to investigate and defend a claim made against the policy holder.  These expenses include legal fees, credit monitoring services provided to impacted individuals, the cost to set up a call centre to assist customers whose information may have been exposed, and costs incurred to notify impacted individuals about the breach. 

 

Access to resources

 

Some insurance companies are now providing various cyber security services to policy holders, in an effort to help businesses prevent cyber attacks.  Some of the services currently offered include:

 

  • Cyber security training, provided either online or in person, to the employees of policy holders.  Since many cyber attacks can occur as a result of human error (e.g. through a phishing scheme), the training can provide employees with a better understanding of how to identify potential cyber threats, and their role in keeping the organization safe.
  • Cyber risk assessments, where experts will evaluate the policy holder’s systems, identify potential vulnerabilities, and recommend ways to strengthen the organization’s security.
  • Consulting services, which provide access to legal, computer forensics, and cyber security experts to help organizations understand the specific risks facing their business, and how to prepare for a potential cyber attack.

 

Although cyber insurance premiums are expected to increase significantly over time, it is still worthwhile to consider purchasing this coverage in the event you are the target of a cyber attack.  Regardless of the cost of the premiums, it is likely significantly less expensive compared to the cost of recovering from a cyber attack.

 

Contact us to learn more.   647-426-0146  |  rehana@rmforensics.ca

Communications are intended for informational purposes only and do not constitute legal advice or an opinion on any issue. For permission to republish this content, please contact Rehana Moosa Forensic Accounting Professional Corporation.

Back to Knowledge

Related Knowledge

Industries Most Susceptible to Fraud

Certain industries are more susceptible to fraud than others.  The nature of their operations are such…read more

Criminal Fraud Sentences in Canada: The Case of the Unrepentant Advisor

Jail sentences for fraud in Canada are lower when compared to other countries, such as the U.S.  For…read more

Why Buy Fidelity / Crime Insurance?

“It’s just an additional cost for me. I don’t think it’s worth it.” “I trust my employees, they would…read more

What Is Fidelity Insurance?

When an organization is defrauded by an employee, there are a few avenues that can be pursued to recover…read more

Breaching the Divide - What You Should Know About Purchasing Cyber Insurance

Homer Simpson once said, "If something is hard to do, then it's not worth doing."read more

RMFA Logo

The RMFA Difference

Regardless of background or level of knowledge, all our clients are treated with professionalism and respect. All files, regardless of size or complexity, are treated as a top priority. That’s our promise.