Cyber Insurance & Why Your Business Needs It

Have you ever received a phishing email that looked so real that you almost clicked on it? What if one of your employees did? What if the virus they received were to spread not only to your computer, but to everyone’s computer in the office, and the worst possible denomination – your customer’s as well? You’re probably unaware that if this were to happen that your current insurance would not cover the damages it can cause because the average average plan does not take care of cyber risks. That’s why we’re going to review everything about the possible harms cyber attacks can on your business and what you can do to prevent them!

What is Cyber Insurance?

Cyber insurance is a specialized policy that is usually not included in your business insurance, and specifically protects your business, employees, and customers from various cyber risks. Cyber insurance will cover everything your business needs to get back to its normal operations. This includes any of the following: IT Specialists, Forensic Teams, Ransom Costs, Legal Costs, Compliance Costs, Public Relations, etc.

What Are Cyber Risks?

Cyber risks are frequent, unpredictable and can be expensive. They can happen to any business, large or small at any time. Common cyber risks include: 

What Does a Cyber Attack Look Like? 

From my experience, there are two common scenarios for cyber attacks of small businesses in Canada:

Scenario 1: Ransom

You come to work in the morning, just like every morning, but this time you turn on your computer and you receive a message saying that all of your customer’s information will be released unless you send a payment of $100,000. Pretty unnerving stuff, right! 

Scenario 2: Lockout

You come to work in the morning, just like every morning, but this time one of your staff tells you that they cannot access their computer. In fact, all your staff say they cannot access their computer. A hacker has encrypted all your computers and now your staff can’t work. 

Do you remember the last time you had a power outage at your office and all of your staff were just standing around? Scenario 2 is similar to that – uncontrollable and just plain frusterating. 

You’re Under Cyber Attack… Now What?

You do the same thing you do every time you have a problem with your computers or network, you call your IT specialist.  The specialist tells you it’s going to take at least a couple of hours or maybe even a day or so to sort this through. That means lost productivity, lost orders, lost customers, and lots of lost money. Although you have a plan in order now, this is everything you don’t want to hear. There’s not much worse than being a victim to a cyber attack. 

So How Does Cyber Insurance Help?

Cyber insurance is comprehensive and is there to get you, your staff, and your business back in action with minimal disruption.  Here’s how:

1. A forensic team is engaged to uncover the scope of the data breach and discover the source of the cyber attack.

2. The insurance company will cover the losses your business incurred from any disruptions to business operations. 

3. A public relations team is hired to help your business offset what might be the biggest hit to your business, reputation damage.

4. The insurance company covers legal support for the cost of legal fees and settlements if your business is sued because of a data breach.

5. The insurance company covers all costs incurred for notifying people whose data has been illegally accessed.

Is Cyber Insurance Expensive?

The cost of coverage starts at approximately $2,500 per year depending on the needs of your business. If you are looking for a quote, feel free to visit Wiseblott.ca and get a free quotation from the Wiseblott Insurance Team. They’ve helped hundreds of small businesses across Canada with all insurance related matters, including cyber protection.

Ok, So Now I Have Cyber Insurance, and I Get Attacked! What Do I Do?

Since you have a cyber insurance policy, all you need to do is call your broker – me, and I will immediately work with the insurance company to dispatch IT support to get you back online, a forensic team to solve the issue, a public relations team to manage your reputation, and any legal support. I work for you, not the insurance company, so I am here to make sure that the insurance company is supporting you until you are back to business as usual.  

What is the Digital Privacy Act and Do I Need to Report a Data Breach?

Under the Digital Privacy Act every business has a legal requirement to report privacy data breaches.  In the event of a material data breach, businesses are required to notify affected individuals and The Privacy Commissioner. It doesn’t matter how small your business is, since businesses of all sizes are required to report data breaches. Failure to comply can mean penalties of up to $100,000 per offence.

Remind Me Again, Why Does My Business Need Cyber Insurance?

• It’s NOT covered by standard insurance.

• Funds costly notification expenses required under the Digital Privacy Act if your business is hacked.

• Enhances protection for your business brand & reputation.

• Balance Sheet protection.

• Part of “Play Book” for Data Breach Response Plans / Disaster Recovery Plans

• Reassures the Board (Directors & Officers).

• Funds business interruption financial loss and helps minimize disruption.

• Responds to Cyber Extortion, Ransomware, Cyber Crime (e.g. Social Engineering Fraud)

• Responds to contractual, vendor or supply chain requirements for cyber insurance.

• Includes Insurer’s pre- & post-breach resources and crisis management.

• Includes cyber & privacy liability protection.

• Helps protect the data interests of your customers, stakeholders, volunteers, and employees.

• Many broad coverage options available with Insurers at competitive premiums.

Key Features of Cyber Insurance Policy Coverage:

• IT support

• Forensic Review

• Crisis Management

• Cyber Extortion Defense

• Worldwide Coverage

• Data Breach Coverage & Notification Expenses

• Business Interruption Loss

• Brand/Reputation Support

• Legal Support

• Identity Fraud Alert Service

All small, medium and large businesses face cyber or privacy risks. These can include lost or stolen laptops, phones, thumb drives, employee error, malicious or criminal activity, unauthorized network access, or rogue employees. Often times these can lead to undeniable hardship, and every business should take action to ensure you’re protected. Make yourself aware of all of the harms of cyber attacks and familiarize yourself with the following Cyber Attack Glossary terms and definitions!

Cyber Attack Glossary

A malicious application or script that can be used to take advantage of a computer’s vulnerability.

The moment a hacker successfully exploits a vulnerability in a computer or device, and gains access to its files and network.

A defensive technology designed to keep the bad guys out. Firewalls can be hardware or software-based.

An umbrella term that describes all forms of malicious software designed to wreak havoc on a computer. Common forms include: viruses, trojans, worms and ransomware.

A type of malware aimed to corrupt, erase or modify information on a computer before spreading to others. However, in more recent years, viruses like Stuxnet have caused physical damage.

A form of malware that deliberately prevents you from accessing files on your computer – holding your data hostage. It will typically encrypt files and request that a ransom be paid in order to have them decrypted or recovered.

A piece of malware that often allows a hacker to gain remote access to a computer through a “back door”.

A piece of malware that can replicate itself in order to spread the infection to other connected computers.

A type of software application or script that performs tasks on command, allowing an attacker to take complete control remotely of an affected computer. A collection of these infected computers is known as a “botnet” and is controlled by the hacker or “bot-herder”.

An acronym that stands for distributed denial of service – a form of cyber attack. This attack aims to make a service such as a website unusable by “flooding” it with malicious traffic or data from multiple sources (often botnets).

A technique used by hackers to obtain sensitive information. For example, using hand-crafted email messages designed to trick people into divulging personal or confidential data such as passwords and bank account information.