Today every business faces the possibility of being compromised by cyberattacks such as hacking, extortion, data breaches, phishing scams and others. With work from home having become so widespread due to the pandemic, businesses are more exposed than ever before.
In the event of an attack, a business must bear the cost of restoring its systems, compensating those whose data has been compromised, paying fines and providing remedial services. The possibility of being sued by individuals and stakeholders cannot be ruled out either.
This article explains the basics of insurance for cyber threats and why every business needs it. To learn more, speak to the IT consulting services team at NUMENTIS.
What Are Cyber Insurance Policies?
Dedicated cyber insurance policies are designed for the unique risks associated with cyberattacks. General policies cover businesses for common attacks, while comprehensive policies cover specific cybercrimes and particularly sensitive information. An insurance policy doesn’t just provide coverage for business loss, but also for the costs associated with data breach disclosures and remedial steps. Optionally, policies can also provide for detailed incident response.
Why Every Business Should Insure Against Cyberattack
Insurance coverage for cyberattacks can compensate for or cover:
- Data and security breach remediation and notification expenses
- Monitoring services and recordkeeping
- Costs of complying with disclosure requirements under the Personal Information Protection and Electronic Documents Act
- Public relations expenses to manage damage to the business’s reputation
- Data breach forensic investigation
- Computer program and electronic data restoration expenses
- Extortion payments
- Business interruption for income the business may lose due to an interruption in services
- Subrogation in the event of a lawsuit
Insurance coverage for cyber risks is a new and rapidly evolving field. Insurance companies are continually updating and improving insurance products to meet new types of threats and regulatory compliance.
In the event of a cyberattack, an insurance company will assess the breach and damage to determine if the policy is triggered. Policies include exclusions too, so not every breach will be covered. For example, if an employee is defrauded by an imposter into transferring company funds into a fake bank account, that may not be covered by the insurance policy.
Make sure the specific threats your business faces are covered by the policy. Speak to IT professional services before signing a policy.
Disclosure Requirements Under PIPEDA
In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA), 2018, requires businesses to disclose data breaches if certain conditions are met. Under the Act, breaches involving personal information ‘that pose a real risk of significant harm to individuals’ must be disclosed to law enforcement.
There is a significant regulatory cost associated with this; businesses may also have to pay regulatory fines and provide internet monitoring and remedial services to those who have been affected. Insurance can insulate a business from many of these costs.
Discuss Insurance with IT Consulting Services in Oakville
Insurance for cyber threats requires the business to meet industry standards and requirements for network security, disaster planning and other areas. Talk to our IT professional services team in Oakville about the preparation required before getting cyber insurance.