WHAT IS CYBER LIABILITY INSURANCE?

A Cyber-insurance policy is an insurance product used to protect your business for data breaches on your computers that exposes your client’s information.

WHAT DOES A CYBER LIABILITY INSURANCE POLICY COVER?

• • Comprehensive Cyber Liability: Combines third-party (your customers/clients) cyber liability and first-party (you and your business) cyber crime expense coverage in one form.
  • Business Interruption: Covers lost income and related costs when unable to operate due to a cyber event or data loss
  • Extortion: Provides coverage for the costs associated with the investigation of threats to commit cyber attacks against the policyholder’s systems and for payments to extortionists who threaten to obtain and disclose sensitive information.
  • Extortion & Ransomware: Provides coverage for costs associated with investigating threats to commit cyber attacks and payments to those who threaten to obtain and disclose sensitive information
  • Theft and Fraud: Covers destruction or loss of digital data resulting from a criminal  cyber event.
  • Forensic Investigation: Covers the legal, technical and forensic services necessary to assess whether a cyber-attack has occurred, to assess the impact of the attack and to stop the attack

CAN MY BUSINESS AFFORD CYBER INSURANCE?

Did you know: 43% of all Breaches occurred in small businesses? - 2019 Verizon Breach Report

Of the small businesses attacked, 60% never recover after a hack and go out of business within 6 months because of a lack of cyber security. 

Depending on where you shop, Cyber Insurance can premiums can start as low as  $500 per annum.

TYPES OF CYBER CRIME:

• Phishing – obtaining valuable information such as a credit card details or passwords by posing as a trustworthy company (e.g., a supplier) via email.
• Malware – Malicious software (malware) is any software created and distributed to cause harm or steal information.Malware is designed to hide within the operating system and avoid security safeguards. It may be impossible to detect or remove without specialized tools or expertise.Malware exists for all of the information processing systems that are in use in our business, including desktop computers, laptops, smartphones and tablets.
• Ransomware – One particularly nasty Malware is Ransomware. Ransomware will infiltrate your computer, and encrypt its files, demanding a ransom (typically in bitcoin) to return the data.
• Social Engineering – Criminals impersonate an executive of a company in an email in order to obtain a money transfer or sensitive data from an unsuspecting employee. These emails are often targeted to junior employees, who may be more susceptible due to lack of training or fear of not responding to the senior executive who was impersonated.
• Hacking - Hackers are people who are skilled in the craft of breaking into computer systems. Hackers may be motivated by anything from simple vandalism to extortion, or theft of personal or corporate sensitive information. Hackers may work on their own, belong to a criminal syndicate, or be state sponsored.

What are some ways to Protect against a Cyber Attack?

(via https://hackinsure.frontrowinsurance.com/)

Now more than ever, it’s important you protect yourself in every possible way. Here are a few additional tips we share with all of our clients, to help guard against the risk of a cyber attack:

• Enforcing proper backups on all systems, including workstations: Having regular backups is the best strategy to protect against the damages of a ransomware attack.  You can simply restore from yesterdays backup, validate that the system is clean, and you're back in business.
• Using a strong password strategy: Using the same password across multiple devices and accounts is the easiest way to compromise security. Once a hacker gets their hands on a password, they can easily use it to compromise employee information as well as customer data, turning a single password breach into millions of dollars in damage.
• Patching your systems: Hackers and malware typically make use of vulnerabilities left in unpatched systems to gain a foothold in your company.  Patch you servers, workstations, network devices, and even your printers!
• Don't collect or store privacy information you don't need: Outsource payment processing and avoid collecting customer privacy and/or payment information such as credit card info on your own.
• Security Awareness training for your employees: No business is “too small” for a hacker - the better prepared you are, the less at risk you are. It might seem like common sense, but it’s not always. Develop a written policy about security and privacy and make sure employees are on board and understand their responsibility to protect any confidential data.
• And, of course, purchasing Cyber Liability Insurance: 90% of small businesses do not currently have cyber insurance. You need to know that your business will be protected against any security breaches.

References:

• https://www.iii.org/sites/default/files/docs/pdf/small_business_big_risk_101218.pdf
• https://hackinsure.frontrowinsurance.com/
• https://keepersecurity.com/assets/pdf/Keeper-2018-Ponemon-Report.pdf
• https://www2.deloitte.com/ca/en/pages/financial-services/articles/cyber-insurance.html
• https://enterprise.verizon.com/resources/reports/dbir/

Canadian Cyber Insurance Companies:

• https://www.travelerscanada.ca/business-insurance/liability/cyber-liability-insurance.aspx
• http://www.ibc.ca/on/business/risk-management/cyber-liability
• https://www.aig.ca/cyberedge
• https://www.nbins.com/cyber-risk-insurance/
• https://www.sgicanada.ca/cyber-insurance
• https://www.chubb.com/ca-en/business-insurance/cyber-liability-insurance.aspx