Cyber Insurance. You Don’t Think You Need It . . . Until You Do

In the world of cybersecurity, experts concur that cyber attackers are poised for another active year, marked by the “mother of all breaches” that occurred in January 2024. 

It’s a common misconception that cybercriminals only target large enterprises, but the reality is that thousands of attacks go unnoticed by the headlines. While it’s tempting to believe hackers are solely after big scores, that’s not the case. 

In fact, hackers often see small and medium-sized businesses (SMBs) as easy targets – the proverbial “low-hanging fruit.” Being complacent in this regard can be risky. Your business might already be on a hacker’s radar, listed as a potential target. 

SMB Cyber Security Attacks: 43% of all Cyber attacks are against small and medium sized businesses. 95% of them can be attributed to human error. 

Protecting Your Business from Cyber-Attacks 

There are three fundamental elements to protecting your business from an attack. 

1. Install and keep updated antivirus and firewalls 
2. Train all your staff regularly on how to prevent and mitigate potential attacks 
3. Obtain adequate insurance coverage against cyber attacks 

No. 1 is critical. However, simply having antivirus and firewall software installed is not enough. The latest hacking techniques don’t need to get past your software. In some cases, they actually use your antivirus software against you to spread malware. 

No. 2 becomes critical. Employee training. For example, in 2023, MGM’s fortress-like security was breached with a simple social engineering attack against individual members of staff who had access to sensitive systems. The weakest link in any cyber security system is human error. We click links we shouldn’t, download things we ought not, set passwords that are easy to guess, and give up personal information on the internet and social media all the time. 

So, there are two things we can be certain of: 

• No-one can say for sure that they will never be attacked 
• No organization is able to repel every possible kind of attack 

No. 3 is not optional. Insurance coverage is the bedrock tactic for protecting your business against cyber attacks. 

WHY IS CYBER INSURANCE THE CENTRE PIECE OF YOUR STRATEGY? 

First of all, when you discover that your business has been breached, Canada’s federal private sector privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA), mandate that all such breaches and/or privacy violations must be reported. Other businesses and individuals that are affected must also be notified. If you do not report the breach, you may be fined to the tune of $100,000, as well as incur severe financial damage and/or legal action. 

Second, uninsured cyber losses are costly. The average cost to detect and contain a breach (investigations, assessments, audits, and crisis management) was a staggering $1.78 million. Even one stolen laptop that contains your customer data can typically cost you $50,000 to respond effectively. 

These are not one-off expenses either. Once a breach occurs, the costs do not end immediately. Many companies report that you can feel the “long-tail” costs for years after the incident. In a study of 86 companies, about one-third of costs occurred more than one year after a data breach was discovered. 

COMPLACENCY IS A KILLER

• 60% of businesses close 6 months after a successful cyber attack 
• 36% of polled Canadian firms have no cyber security insurance 

What contributes to these high costs? First off, if data is lost and needs recovering or replacing, depending on the number of records lost, that can be a considerable outlay. Then you need to add the cost of notifying the victims. Then you need to add the IT and admin costs to contain the breach and get back to business. If you have a comprehensive, regularly tested playbook to do this and staff receive ongoing training, then that may not take so long which can reduce costs. However, if that is not you, expect the pain to drag on for months and even years. 

Finally, you can expect post-breach costs, such as lawyers, public relations, or forensic experts who have to be hired. Cyber breaches are also a heavy blow on your company’s reputation. In many cases, it includes a loss of business, either from merely not being operational, to customers refusing to do business with you anymore due to a lack of trust. 

At Park Insurance, we would be happy to talk with you further about getting the right cybersecurity insurance policy for your business. A broad range of policies are available to meet your unique needs. Coverage options include help for reimbursement of expenses incurred due to: 

• Privacy Breaches (consultation, notification and management services after personal information is compromised) 
• Computer Attacks (replacing and restoring data and systems following a hacking, virus or malware attack) 
• Data Compromise Liability (defence and settlement expenses if you are sued as a result of a personal information breach) 
• Identity Theft 
• Cyber Extortion 
• Media Liability 
• And more 

With the right coverage you get protection, peace of mind and a future for your business. Contact us today to get started.