Risk & Business Magazine CMW Insurance Fall 2015 | Page 2
R
& Ensure Protection
B Small Businesses May Be More Likely to Experience a Cyberattack
BY: GORD PAYNE, DIRECTOR, CORPORATE COMMERCIAL LINES, INTACT INSURANCE
S
ay the words, “cyberattack,” and most
people think of companies like Target
and Home Depot. Small businesses think
they are immune to this sort of breach
but as more small companies adopt the
same technologies as large corporations,
they may be even more exposed than the
large ones.
“Big businesses are no longer the sole
target for cyberattacks, as smaller
businesses handling credit card
transactions and who collect and store
confidential information are often more
unprepared,” says Nathalie Dufresne,
Vice President of commercial lines for
Intact Insurance’s Ontario and Atlantic
divisions.
Where a large company will have systems
in place to help protect them from a
cyberattack, small companies can be
more vulnerable as they typically don’t
have the resources to monitor their
websites and online business.
It’s not just the hackers small businesses
have to worry about. A breach can be as
simple as an employee losing a laptop
with sensitive customer information
stored on it.
While the monetary expense of a
cyberattack can be detrimental, small
businesses that encounter breaches are
more impacted by reputational damage
than larger businesses. A report from
Symantec, a security software company,
states that 60 per cent of small businesses
will go under within six months of a
cyberattack.
Canadian businesses now have a lot
more responsibility when it comes to
a privacy breach since the Personal
Information Protection and Electronic
Documents Act (PIPEDA) has been
amended to include mandatory breach
notification. Businesses will also have
to keep a record of all data breaches
and may need to report them to the
Privacy Commissioner. A business that
knowingly fails to report or record a
breach may be fined up to $100,000.
With so many risks facing small
businesses, how can they protect
themselves in the event of a breach, or
prevent an attack in the first place?
“Small businesses need to ensure they
protect themselves from these types of
attacks by using proactive and reactive
methods,” says Nathalie.
Typical commercial policies do not
cover these types of breaches. However,
customers can easily add on this
coverage, such as Intact Insurance’s
cyber endorsement, to make sure they
are protected. Most include access to
educational resources to help companies
prevent attacks, so customers receive
value immediately. These products
are typically administrated by an
independent third-party, like IDT911, who
are experts in the field.
“Before a breach even happens, customers
can visit IDT911’s customer portal to
access training on breach issues such as
compliance and privacy security, and
download a customizable privacy breach
incident response plan—essential to
minimizing the impact of an attack,” says
Nathalie.
If a breach occurs, the insurance covers
expenses such as assistance in notifying
impacted individuals, computer forensic
services to determine if a privacy breach
has occurred and to assess the breach’s
severity, public relations assistance to
help restore the business’ reputation, as
well as credit monitoring for customers
affected by the breach.
Intact Insurance’s cyber endorsement
also includes business interruption
coverage, so the business is protected if it
can’t perform critical operations such as
processing credit cards.
No matter the product, cyber insurance
is essential for any sized business.
Additionally, the new legal requirements
and the exposures that small business
may face due to lack of resources or
familiarity with this risk makes it even
more important for them to ensure they
are protected.
Gord Payne is the Director of Corporate
Commercial Lines with Intact Insurance.
2
RISK & BUSINESS MAGAZINETM FALL 2015