Cyber Liability Risks and Insurance

Back of person wearing black hoodie facing a screen of binary code and the work hacked

All businesses and other types of organizations use information technology (IT) of some sort, either email communications, a web site, and/or stored customer, employee and partner information, to name the most common.   Your business or organization could become liable, if certain data was to be lost, stolen or accessed by unauthorized persons.  This could result from an attack on your computer network, or from a lost or stolen smartphone or notebook computer.  Understanding your cyber liability risks and insurance options is critical in today’s  world. 

According to the Insurance Information Institute, “Insurance experts now consider the risk of cyber liability losses to exceed the risk of fraud or theft.”

Potential Costs

The costs of responding to and recovering from data loss, theft or compromise can be substantial.  These costs could include:

Liability:  You may be liable to customers and other third parties for costs they incur as a result of the incident.

Class action lawsuits:  Large-scale data breaches have led to class action lawsuits filed on behalf of customers whose data and privacy were compromised.

Notification expenses:  All those potentially affected by the data incident need to be informed.  This can be quite costly if the list is large.  Beginning November 1, 2018 Canadian companies will be required to report data breaches to customers, affected third parties and the federal privacy commissioner. More on these new regulations can be found here.

Regulatory Fines:  For those not complying with the new Canadian data breach reporting regulations, courts can impose fines and order non-compliant organizations to change their practices. 

System Recovery:  Recovering from a data incident can be quite costly as it can include services to determine how the incident occurred, data recovery, replacement of computer equipment and upgrading of security systems and policies to help prevent a recurrence.   Also, during the recovery period after a data incident, your business may not be fully operational, which can mean lost productivity, revenue and profits. 

Customers and your reputation:  A data-related incident could affect your reputation and result in lost customers.  This type of loss could be considerable and have long-term affect. 

Your Job:  If responsibility for ensuring your organization’s data is secure, rests ultimately on your shoulders, consider that there could be implications regarding your job security. 

Cyber liability insurance Coverage

Standard business insurance policies may provide some coverage for certain types of cyber incidents.  An example could be loss of data as a result of hardware failure or a computer virus.  Recovery or replacement costs may be included.

For a more comprehensive range of cyber liability risk coverage, you will require a stand-alone policy.  This can cover risks such as:

  • Loss or corruption of data
  • Business interruption
  • Multiple types of liability
  • Identity theft
  • Cyber extortion
  • Reputation recovery

In order to obtain more comprehensive cyber liability insurance, the applicant must supply information regarding the existing IT security measures and policies that are in place.  Insurance may be refused where protections are inadequate and thus the risk too high from the insurer’s perspective.  Alternatively, insurance may be approved, but at a higher cost based on the risk factor.  Prudent IT security systems and enforced policies are a must for approval and for the best rates on your cyber liability coverage. 

BSC Solutions Group offers comprehensive Cyber Security Solutions to organizations across the Greater Toronto area.  To learn more about how we can help protect you,  contact us today.