You train, test, and monitor, but it still happens. A busy employee clicks on a link in an email only to realize it’s a scam. What they don’t know is that the malware embedded in that link has triggered a series of actions deep inside your company’s systems. Within minutes, every bit of your data is available to a cyber thief, and your network is shut down.
With a vigilant employee and IT team, you may have been able to stop the hack. But most often, the damage is done before your cybersecurity systems can respond.
The costs of closing such a breach and rectifying the damage could be astronomical. And if the cyber incident isn’t accidental, you could be dealing with an employee crime.
The good news is both accidental and intentional cyber damage can be insured. But getting the right mix of cyber insurance coverages is imperative.
Cyber Risk Continues to Be a Top Concern in Canada
Cybersecurity incidents impact Canadian businesses at alarming rates. In 2021, 18% of Canadian businesses reported experiencing a cyber incident, slightly down from 21% in 2019. However, the financial consequences have worsened. The average cost to recover from a cyber incident rose to $19,000 per business in 2021, up from $11,000 in 2019.
A study by Statistics Canada also revealed that Canadian businesses spent a staggering $9.7 billion on cybersecurity in 2021, a 40% increase from 2019. This includes measures to prevent, detect, and recover from cyber incidents.
Human Error and Cyber Threats
Human error is still a leading cause of cybersecurity breaches. Despite efforts, only 61% of Canadian businesses provided formal training to develop or upgrade cybersecurity skills for their non-IT employees. This leaves a considerable portion of the workforce vulnerable to phishing and other forms of social engineering.
Ransomware attacks have become more prevalent in Canada. In 2021, 11% of businesses that experienced a cyber incident reported being impacted by ransomware. Of those, 18% made a ransom payment, with some paying over $500,000. This underscores the need for robust cyber insurance and response plans.
You Can Manage Your Cyber Risk
Training employees to spot and report phishing attempts and other cybersecurity concerns is critical. While training is fairly inexpensive and enormously beneficial, it must be supplemented with testing, corrections, and refresher courses. Additionally, you must empower your employees to report suspicious activity by colleagues.
Multi-factor authentication (MFA) is another effective way to reduce cybercriminals’ access to your systems. It requires anyone attempting to enter your network to provide their user credentials and one or more other factors to verify their identity.
Companies should also limit access to systems, ensuring that users with access are easily identifiable.
The Role of Cyber Insurance
Cyber insurance has two components: first-party coverage and third-party coverage.
- First-party coverage ensures lost data or revenue due to lockouts.
- Third-party coverage ensures your company’s liability for damage done to others due to a cybersecurity failure on your part, usually a data breach.
Cyber insurance responds to whether the breach occurred because of an employee’s erroneous actions or a failure in your cyber defences.
It’s worth noting that cyber insurance is not standardized; it is tailored to the needs of each policyholder. Common reimbursable expenses include:
- Investigations
- Revenue losses
- Breach notifications
- Lawsuits and extortion
- Data restoration
- Replacement of damaged hardware or software
- Credit monitoring for victims
- PR services to prevent or lessen reputational damage
For internal cybercrime, such as cyber embezzlement or data theft, you would need a fidelity bond or employee crime insurance. This type of policy addresses malicious acts committed by employees and provides protection against embezzlement, theft, and intentional data damage.
Demonstrating Cyber Risk Management
Canadian businesses are increasingly recognizing the importance of cyber risk management. However, implementing these measures is crucial for obtaining comprehensive cyber insurance. In 2021, only 16% of Canadian businesses had cyber insurance coverage, which represents a slight drop from 17% in 2019. Insurers are more likely to reject applications or charge higher premiums if there are no adequate cyber risk management measures in place.
Proactively managing your company’s cyber risks will not only protect your assets but also make obtaining and maintaining cyber insurance more accessible and affordable.
About Wedgwood Insurance
Wedgwood Insurance has offices in St. John’s & Corner Brook and is Newfoundland & Labrador’s largest independent insurance broker. We provide straightforward home, auto & business insurance advice.
With over 270 Google My Business reviews, experience the Wedgwood difference with expert advice from our dedicated team. We ensure that every client has the coverage that best suits their needs through upfront complimentary consultations and midterm reviews.
Contact Us