Cyber Insurance

The simple fact is that most commercial insurance policies either exclude cyber events or offer a built in cyber coverage that simply offer you a help line if you have had a cyber event.

If you keep any customers personal information, employees information, transactions, or hold any important data on your computers that a hacker could use; you may want to consider purchasing Cyber Insurance to protect your company.

Get an insurance Quote

Third-Party Liability & First-Party Coverage

When it comes to Cyber Liability, not all Cyber Insurance policies are equal. The major concern with the data you store is that someone may access the data and cause a legal liability for your company and create scornful customers. There are many cyber policies on the market today. Some policies will be simple endorsements to your current commercial packages, while other policies are offered as standalone policies. Choosing the right package for your company is the hard part.

Cyber Transaction

The majority of companies keep their customers information in order to provide them better service. When a company has customers information they have an obligation to keep that information confidential and secure. First-Party Coverage protects companies for liability to others and provides reimbursement for expenses related to your covered cyber event.

The way companies do business is changing every day due to technology, and this is creating more opportunity for potential losses. Not all cyber events are created by hackers trying to access your data. For example, the majority of companies have an online presence on social media, but don't realize that they could be opening themselves up to liability based lawsuits based on what is posted on these social media accounts.

Examples of third and first party coverage on the majority of standalone cyber insurance policies:

  • Notifying clients that their information has been exposed and the legal expenses to determine notification requirements.
  • Purchasing a credit monitoring service for the affected customers of a data breach.
  • Starting a public relations campaign to manage the company's public image after a breach.
  • Business interruption coverage to offset the cost of the lost income due to a covered loss.

Examples of First-Party Coverage cyber events:

  • Cyber Extortion
  • Human Error
  • Denial of Service Attack (DDoS) - Network Disrupted by Hackers

Examples of Third-Party Coverage cyber events:

  • Virus Transmission to a Third Party
  • Data/Network Breach on a System You Setup
  • Misuse of Personal Data

Make sure your current cyber insurance policy has Third-Party Liability & First-Party Coverage, or contact us today so that our experts can help you choose a policy that carries this coverage.


Other Coverages to Look For:

Worldwide Coverage

Are you sure that your data is hosted in Canada?

Do you have any cloud hosted software or a cloud based data backup solution? You could be liable with your current cyber insurance policy if your data ever goes past the border and the company that hosts your data has a breach.

Make sure your current cyber liability policy has worldwide coverage or contact us today so our experts can help you choose the best policy for your companies specific needs.

Extended Reporting Period

Does your current policy require you to report the incident within the policy dates?

Unfortunately if your company has had a data breach, you may not know about the breach until years after. This has been proven by some of the largest technology companies in the world as they have detected a breach when a hacker has released their information four or more years after the initial breach.

Some insurance companies offer extensions of the reporting period required in the policy. Most policies will have a clause that requires you to report a covered cyber event within the policy period. If you switch insurance company's or cancel your cyber policy for any reason, you could be left without coverage for a breach that happened while you were actually insured.

Read your policy wordings today to find out if you can extend your current policies reporting period, or contact us today so our experts can help you choose a policy that offers the extended reporting period.

Transmission of Viruses/Malicious Code

Does your current policy exclude known viruses and malicious code?

It happens to almost everyone at some point in their lives; we clicked a link that we should not have. Not every cyber insurance policy will have coverage for viruses or malicious code that originated from your computer to others. This can be a problem with viruses that email themselves to all of your contacts, or inject themselves into your normal everyday emails.

Some insurance companies will specifically exclude any cyber events that were caused by known viruses or known malicious code. This can put your entire company's livelihood on your anti-virus/anti-malware software. To make sure your company is covered for the types of cyber events that it is currently susceptible to, contact us today to make sure your company is adequately covered.

Unencrypted Device Coverage

Does your company encrypt its data storage devices, phones, and computers/laptops?

Some cyber insurance policies will specifically exclude coverage for unencrypted devices. Considering the fact that most small to medium sized businesses do not even know what this means, and have no way to confirm if they have encrypted devices; it is worth making sure you are covered for unencrypted devices on your cyber insurance policy. The majority of devices that your business uses will be unencrypted which could make them excluded on your cyber policy.

Please contact us for more details about obtaining a policy with these coverages.

Real Life Examples of Cyber Events

Everyone assumes that cyber events only happens to the big companies. This is simply no longer true. Small and medium sized businesses are easier targets as they do not have the same money and workforce to implement a hardened security protocol.

The most frequent cause of loss/claim in the past few years has been from stolen or lost personal devices (laptops, phones, etc). This type of loss happens to every business, and if your companies devices are not encrypted and locked, you may find yourself in a claim situation. The second most frequent cause of loss was due to hackers.

A breach occurred in one of Canada's major banks, but it wasn't through a hacker; it was an employee. The bank had an employee who would print customer profiles of individuals who had applied for mortgages. The employee would then provide this personal and financial information to his girlfriend, who then sold the information to third parties for fraudulent purposes.

In this particular case, there were 643 customer files were accessed by the employee and 138 customers had advised the bank that they had been victims of identity fraud.

The bank had to notify each of the customers affected by the breach, and offered a complimentary credit monitoring service, and identity theft protection. In addition, the bank also had to compensate the 138 customers for their losses.

In 2011 the Ontario Superior Court of Justice certified a class action in the case of a nurse who lost a digital memory USB key. The USB key contained the unencrypted personal and confidential information of 83,524 individuals who received H1N1 vacines.

In this particular case the court approved a settlement whereby class members could make a claim and even pursue the claim before a claims adjuster. The settlement also provided for the payment of costs to class counsel in the additional amount of $500,000, plus 25% of actual claims paid by the defendant in the future.

The court made it very clear that the case could have been worse when they stated that the case “would look far different if information from the lost USB key had been abused by a wrongdoer”.

One of the largest online console gaming companies had their network breached by hackers. There were 3.5 million Canadian account holders in the database. The console company offered free content and discounted subscriptions as an apology to the gaming community.

The settlement also included reimbursement of account credit balances, online game and service benefits. In addition, the gaming company provided reimbursement of up to $2,500 per claim for out-of-pocket expenses for class members who could demonstrate that they suffered identity theft, and class counsel fees of $265,000.

It is very easy to see how a cyber event could add up depending on the amount of data your company holds.

A regulatory organization for the investment industry was served a motion to authorize a class action due to the accidental loss of a portable device (notebook computer) that contained personal information relating to clients of a number of investment firms.

The notebook contained information on 52,000 clients and was password protected but not encrypted. The lawsuit sought $1,000 plus interest on behalf of each class member ($52 million based on 52,000 potential claimants).

The organization reported in its Annual Report 2012-2013 that the total costs for this incident was projected to be $5,208,000 which included credit alerts, credit monitoring, support costs provided to affected clients and a dedicated call center.

The Latest Business Insurance Articles From Our Blog


Insurance Myth or Fact

10 Common Automobile Insurance Myths

by: Elliott Insurance Services
2017-01-17

In a perfect world, automobile insurance would be uncomplicated and it could be easily understood by everyone. Let’s face it however; auto insurance can be confusing and difficult to understand. It doesn’t help that there are a number of misconceptions associated with obtaining car insurance.  Let’s put the rumours to rest and discuss some of the most common myths.  Please… Read more »

Cyber insurance - cyber liability

What is Cyber Insurance?

by: Elliott Insurance Services
2016-12-23

Cyber insurance is becoming the new buzz word in the insurance industry and its showing no signs of slowing down.  Computers are targeted at businesses large and small every day.  If you keep any customers personal information, employees information, e-commerce transactions, or hold any important data on your computers that a hacker could use; you may want to consider reading… Read more »

Insurance Myth or Fact

7 Common Commercial Insurance Myths

by: Elliott Insurance Services
2016-10-11

Business owners have a lot on their plates. Not only do they have to run their business, they also have to make sure that it is protected correctly in the event of a loss. There are a number of myths surrounding business insurance you should be aware of. Take look at some of the most common myths below to assist… Read more »