You’ve no doubt heard or read a story about the impact of cyber breaches on large multi-national corporations, governments, or charities that affect tens of millions of clients, citizens, or donors. But despite these types of high-profile cases, many businesses are still unclear as to whether their business insurance policy covers cyber risks, or they feel that cyber insurance coverage is not something they need.
Cyber insurance is an important coverage to have in your business insurance policy. We’d like to help clear up some of the misconceptions that are out there about cyber insurance coverage by looking at some frequent questions from business owners.
“Aren’t I protected from cyber risk exposures with my general liability insurance policy?”
This is a common misconception among business owners. Many assume their current insurance policy covers cyber through property or liability coverages, but that often isn’t the case. Data isn’t considered a tangible piece of property, so it’s typically excluded under a property policy.
Damages from loss or corruption of electronic data, loss of income resulting from a computer virus or malware or DDoS attack, and certain expenses like extortion expenses are not covered under traditional liability or property policies. Only cyber insurance coverage protects you from those unique risks.
“We’re not a mega-corporation, so do we really need cyber insurance coverage?”
Cyber insurance is more than coverage against malicious hackers and cyber criminals – it also covers human error and losses caused by employees. A 2016 report sponsored by IBM and conducted by the Ponemon Institute on the cost of data breaches in Canada found that while most breaches were the result of a malicious attack, 25 per cent were still due to negligent employees or contractors.
What’s more, a 2016 report from Symantec found that small and medium sized businesses are increasingly targeted. Data collected from 2011 to 2015 shows a steady increase in cyber attacks on businesses with fewer than 250 employees. Small and medium sized businesses can be ideal targets for cyber criminals, as these businesses don’t have the same resources and budgets dedicated to training and prevention as large corporations do.
“Can’t I manage on my own without needing cyber insurance coverage?”
Ask yourself: Do you have an incident response plan, disaster recovery plan, and a business continuity plan? Unfortunately, many businesses don’t. Dealing with a cyber breach can be expensive and cyber insurance coverage is designed to help cover the costs associated with the breach.
Beyond the direct costs of dealing with and recovering from a cyber attack or data breach, there are also other costs that are harder to calculate. Of the businesses that reported a cyber security incident in 2017, 58 per cent experienced downtime as a result of the incident and 54 per cent found the event prevented employees from carrying out day-to-day work, according to Statistics Canada. Meanwhile, 53 per cent reported that the incidents prevented the use of resources or services (for example, desktop computers or email).
The untold impact of a data breach is the reputational damage it can cause your business. Customers are equally worried about the security and privacy of their data when dealing with businesses. If a privacy incident is not properly handled, it can be devastating to the survival of your business.
We can help
To learn more about our insurance offerings, and how they can help your business, visit our business insurance page today. We can help you determine exactly what you need to help ensure your business is protected, so you can continue to work worry-free.
This blog is provided for information only and is not a substitute for professional advice. We make no representations or warranties regarding the accuracy or completeness of the information and will not be responsible for any loss arising out of reliance on the information. Terms, conditions and exclusions apply to coverage, see policy for details.