Cyber Insurance

The simple fact is that most commercial insurance policies either exclude cyber events or offer a built in cyber coverage that simply offer you a help line if you have had a cyber event.

If you keep any customers personal information, employees information, transactions, or hold any important data on your computers that a hacker could use; you may want to consider purchasing Cyber Insurance to protect your company.

Get an insurance Quote

Third-Party Liability & First-Party Coverage

When it comes to Cyber Liability, not all Cyber Insurance policies are equal. The major concern with the data you store is that someone may access the data and cause a legal liability for your company and create scornful customers. There are many cyber policies on the market today. Some policies will be simple endorsements to your current commercial packages, while other policies are offered as standalone policies. Choosing the right package for your company is the hard part.

Cyber Transaction

The majority of companies keep their customers information in order to provide them better service. When a company has customers information they have an obligation to keep that information confidential and secure. First-Party Coverage protects companies for liability to others and provides reimbursement for expenses related to your covered cyber event.

The way companies do business is changing every day due to technology, and this is creating more opportunity for potential losses. Not all cyber events are created by hackers trying to access your data. For example, the majority of companies have an online presence on social media, but don't realize that they could be opening themselves up to liability based lawsuits based on what is posted on these social media accounts.

Examples of third and first party coverage on the majority of standalone cyber insurance policies:

  • Notifying clients that their information has been exposed and the legal expenses to determine notification requirements.
  • Purchasing a credit monitoring service for the affected customers of a data breach.
  • Starting a public relations campaign to manage the company's public image after a breach.
  • Business interruption coverage to offset the cost of the lost income due to a covered loss.

Examples of First-Party Coverage cyber events:

  • Cyber Extortion
  • Human Error
  • Denial of Service Attack (DDoS) - Network Disrupted by Hackers

Examples of Third-Party Coverage cyber events:

  • Virus Transmission to a Third Party
  • Data/Network Breach on a System You Setup
  • Misuse of Personal Data

Make sure your current cyber insurance policy has Third-Party Liability & First-Party Coverage, or contact us today so that our experts can help you choose a policy that carries this coverage.

Other Coverages to Look For:

Worldwide Coverage

Are you sure that your data is hosted in Canada?

Do you have any cloud hosted software or a cloud based data backup solution? You could be liable with your current cyber insurance policy if your data ever goes past the border and the company that hosts your data has a breach.

Make sure your current cyber liability policy has worldwide coverage or contact us today so our experts can help you choose the best policy for your companies specific needs.

Extended Reporting Period

Does your current policy require you to report the incident within the policy dates?

Unfortunately if your company has had a data breach, you may not know about the breach until years after. This has been proven by some of the largest technology companies in the world as they have detected a breach when a hacker has released their information four or more years after the initial breach.

Some insurance companies offer extensions of the reporting period required in the policy. Most policies will have a clause that requires you to report a covered cyber event within the policy period. If you switch insurance company's or cancel your cyber policy for any reason, you could be left without coverage for a breach that happened while you were actually insured.

Read your policy wordings today to find out if you can extend your current policies reporting period, or contact us today so our experts can help you choose a policy that offers the extended reporting period.

Transmission of Viruses/Malicious Code

Does your current policy exclude known viruses and malicious code?

It happens to almost everyone at some point in their lives; we clicked a link that we should not have. Not every cyber insurance policy will have coverage for viruses or malicious code that originated from your computer to others. This can be a problem with viruses that email themselves to all of your contacts, or inject themselves into your normal everyday emails.

Some insurance companies will specifically exclude any cyber events that were caused by known viruses or known malicious code. This can put your entire company's livelihood on your anti-virus/anti-malware software. To make sure your company is covered for the types of cyber events that it is currently susceptible to, contact us today to make sure your company is adequately covered.

Unencrypted Device Coverage

Does your company encrypt its data storage devices, phones, and computers/laptops?

Some cyber insurance policies will specifically exclude coverage for unencrypted devices. Considering the fact that most small to medium sized businesses do not even know what this means, and have no way to confirm if they have encrypted devices; it is worth making sure you are covered for unencrypted devices on your cyber insurance policy. The majority of devices that your business uses will be unencrypted which could make them excluded on your cyber policy.

Please contact us for more details about obtaining a policy with these coverages.

Real Life Examples of Cyber Events

Everyone assumes that cyber events only happens to the big companies. This is simply no longer true. Small and medium sized businesses are easier targets as they do not have the same money and workforce to implement a hardened security protocol.

The most frequent cause of loss/claim in the past few years has been from stolen or lost personal devices (laptops, phones, etc). This type of loss happens to every business, and if your companies devices are not encrypted and locked, you may find yourself in a claim situation. The second most frequent cause of loss was due to hackers.

A breach occurred in one of Canada's major banks, but it wasn't through a hacker; it was an employee. The bank had an employee who would print customer profiles of individuals who had applied for mortgages. The employee would then provide this personal and financial information to his girlfriend, who then sold the information to third parties for fraudulent purposes.

In this particular case, there were 643 customer files were accessed by the employee and 138 customers had advised the bank that they had been victims of identity fraud.

The bank had to notify each of the customers affected by the breach, and offered a complimentary credit monitoring service, and identity theft protection. In addition, the bank also had to compensate the 138 customers for their losses.

In 2011 the Ontario Superior Court of Justice certified a class action in the case of a nurse who lost a digital memory USB key. The USB key contained the unencrypted personal and confidential information of 83,524 individuals who received H1N1 vacines.

In this particular case the court approved a settlement whereby class members could make a claim and even pursue the claim before a claims adjuster. The settlement also provided for the payment of costs to class counsel in the additional amount of $500,000, plus 25% of actual claims paid by the defendant in the future.

The court made it very clear that the case could have been worse when they stated that the case “would look far different if information from the lost USB key had been abused by a wrongdoer”.

One of the largest online console gaming companies had their network breached by hackers. There were 3.5 million Canadian account holders in the database. The console company offered free content and discounted subscriptions as an apology to the gaming community.

The settlement also included reimbursement of account credit balances, online game and service benefits. In addition, the gaming company provided reimbursement of up to $2,500 per claim for out-of-pocket expenses for class members who could demonstrate that they suffered identity theft, and class counsel fees of $265,000.

It is very easy to see how a cyber event could add up depending on the amount of data your company holds.

A regulatory organization for the investment industry was served a motion to authorize a class action due to the accidental loss of a portable device (notebook computer) that contained personal information relating to clients of a number of investment firms.

The notebook contained information on 52,000 clients and was password protected but not encrypted. The lawsuit sought $1,000 plus interest on behalf of each class member ($52 million based on 52,000 potential claimants).

The organization reported in its Annual Report 2012-2013 that the total costs for this incident was projected to be $5,208,000 which included credit alerts, credit monitoring, support costs provided to affected clients and a dedicated call center.

The Latest Business Insurance Articles From Our Blog

Insurance for Building Owners and Property Managers

Insurance for Building Owners and Property Managers

by: Elliott Insurance Services

Finding the right coverage to protect your large investments should be a priority for any business. Finding an insurance professional with the expertise to insure larger investments can make the difference between having future investments and having thoughts of what could have been. Experienced brokers will know that there is more to insuring a building than just the “bricks and… Read more »

Should I Switch Insurance Companies

Should I Switch Insurance Companies?

by: Elliott Insurance Services

No one likes over paying for insurance, so when you see a deal that you think could be better, it’s pretty tempting to make that switch. The real question is, should you make that switch? Today we will try to break down the reasons why you should switch companies and also the reasons why you should stay with your current… Read more »

We’re at it again…

by: Elliott Insurance Services

Just because we’re a 100 year old company, doesn’t mean we can’t innovate.  With this in mind, we’ve launched a sister company that focuses on insurance for Contractors and Trades and we wanted to be sure our long time valued clients knew. Contractors and Tradespeople are integral to our society.  They build our homes and businesses.  They create and maintain… Read more »