Risk & Business Magazine CMW Insurance Fall 2015 | Page 2

R & Ensure Protection B Small Businesses May Be More Likely to Experience a Cyberattack BY: GORD PAYNE, DIRECTOR, CORPORATE COMMERCIAL LINES, INTACT INSURANCE S ay the words, “cyberattack,” and most people think of companies like Target and Home Depot. Small businesses think they are immune to this sort of breach but as more small companies adopt the same technologies as large corporations, they may be even more exposed than the large ones. “Big businesses are no longer the sole target for cyberattacks, as smaller businesses handling credit card transactions and who collect and store confidential information are often more unprepared,” says Nathalie Dufresne, Vice President of commercial lines for Intact Insurance’s Ontario and Atlantic divisions. Where a large company will have systems in place to help protect them from a cyberattack, small companies can be more vulnerable as they typically don’t have the resources to monitor their websites and online business. It’s not just the hackers small businesses have to worry about. A breach can be as simple as an employee losing a laptop with sensitive customer information stored on it. While the monetary expense of a cyberattack can be detrimental, small businesses that encounter breaches are more impacted by reputational damage than larger businesses. A report from Symantec, a security software company, states that 60 per cent of small businesses will go under within six months of a cyberattack. Canadian businesses now have a lot more responsibility when it comes to a privacy breach since the Personal Information Protection and Electronic Documents Act (PIPEDA) has been amended to include mandatory breach notification. Businesses will also have to keep a record of all data breaches and may need to report them to the Privacy Commissioner. A business that knowingly fails to report or record a breach may be fined up to $100,000. With so many risks facing small businesses, how can they protect themselves in the event of a breach, or prevent an attack in the first place? “Small businesses need to ensure they protect themselves from these types of attacks by using proactive and reactive methods,” says Nathalie. Typical commercial policies do not cover these types of breaches. However, customers can easily add on this coverage, such as Intact Insurance’s cyber endorsement, to make sure they are protected. Most include access to educational resources to help companies prevent attacks, so customers receive value immediately. These products are typically administrated by an independent third-party, like IDT911, who are experts in the field. “Before a breach even happens, customers can visit IDT911’s customer portal to access training on breach issues such as compliance and privacy security, and download a customizable privacy breach incident response plan—essential to minimizing the impact of an attack,” says Nathalie. If a breach occurs, the insurance covers expenses such as assistance in notifying impacted individuals, computer forensic services to determine if a privacy breach has occurred and to assess the breach’s severity, public relations assistance to help restore the business’ reputation, as well as credit monitoring for customers affected by the breach. Intact Insurance’s cyber endorsement also includes business interruption coverage, so the business is protected if it can’t perform critical operations such as processing credit cards. No matter the product, cyber insurance is essential for any sized business. Additionally, the new legal requirements and the exposures that small business may face due to lack of resources or familiarity with this risk makes it even more important for them to ensure they are protected. Gord Payne is the Director of Corporate Commercial Lines with Intact Insurance. 2 RISK & BUSINESS MAGAZINETM FALL 2015