Risk & Business Magazine Jones DesLauriers Insurance Fall 2016 | Page 28

YOU NEED CYBER INSURANCE BY: IAN MORRIS PARTNER, ACCOUNT EXECUTIVE, JONES DESLAURIERS INSURANCE You Need Cyber Insurance Are You At Risk? D ata breaches are now a fact of life, together with taxes and death. How can businesses better manage the risks related to data breaches and reduce the significant cost that can result from them? The answer—cyber insurance! Cyber insurance, or cyber liability, is a relatively new line of insurance that is designed to help companies mitigate losses arising from a cyber-related security breach or other similar event. exposure, but they, too, have been victims of phishing attacks. Canadian businesses currently purchase cyber liability insurance. CYBER FACTS: A recent risk management survey of Canadian companies indicated that cyber liability and cyber loss prevention have become the number one concern for Canadian companies in 2016, up from number five in 2015. WHAT DOES CYBER LIABILITY INSURANCE COVER? There are a variety of policies being provided by a number of well- and lesserknown insurers. The basic cyber policy will cover the following losses: • Who might suffer a cyber attack? Any organization that stores and maintains customer information, collects online payment information or uses the cloud should consider adding cyber insurance to its budget. Also, consider the proliferation of devices that now connect to business networks. THERE ARE SIMPLY MORE OPPORTUNITIES FOR MALICIOUS FOLKS TO ACCESS AN ORGANIZATION’S ASSETS. Cyber attacks against all businesses are increasing. Small businesses tend to think they are safely tucked away from 28 | FALL 2016 • • • A recent survey of Canadian IT professionals at mid-sized Canadian businesses reported that cyber attacks have increased 17 percent year-over-year and that 51 percent of the companies had experienced the loss or exposure of sensitive information within the last twelve months. Mid-sized Canadian companies reported that the average cyber claim in Canada is approximately $7 million. The average claim breaks down as follows: cleanup or remediation ($766,667), lost user productivity ($950,625), disruption to normal operations ($1.1 million), damage or theft of IT assets and infrastructure ($1.6 million), and damage to reputation and marketplace image ($2.6 million). In North America, cyber insurers paid over $650 million in cyber losses in 2015 Worldwide cyber losses exceeded $445 billion in 2015 In spite of the ever-increasing number and scale of cyber claims, it is currently estimated that only 10 percent of • Investigation: The insurer will conduct an in-depth investigation to determine what occurred, who may be responsible, how to repair damage and how to prevent the same type of breach from occurring in the future. Investigations are typically done by a third-party cyber investigation firm. • Business losses: Cyber insurance policies may include as losses any monetary losses resulting from network downtime, business interruption, data loss recovery and costs involved in managing a crisis, which may involve repairing reputation damage. • Privacy and notification: Many jurisdictions mandate notifications to customers and other affected parties, which can include credit monitoring for all customers whose data was or may have been breached. • Lawsuits and extortion: This includes legal expenses associated with the release of confidential information and intellectual property, legal settlements, and regulatory fines. This may also include the costs of cyber extortion, such as ransomware. Not all cyber policies are created equal.