News / Security /

Not sold on cyber insurance? Here’s why you might want to consider it

The current global regulatory crackdown on data and privacy breaches — including Canada’s new Digital Privacy Act — is convincing more businesses to take a look at cyber insurance.

Share this article:

Keeping enterprise networks secure is a risky business.

Is it worth buying cyber insurance to reduce or manage some of that risk?

When 102 business-risk managers from across Canada were surveyed at the end of September, 42 per cent said they still don’t have cyber insurance — even though 87 per cent have experienced at least one hacking incident during the past year.

Since cyber coverage is relatively new (it’s only been around for about a decade), many businesses still aren’t completely sold on it. There is evidence, however, that it’s becoming more popular. When the Risk and Insurance Management Society (RIMS) polled 284 of its U.S. members in June, 74 per cent of companies without cyber insurance said they would consider buying it within the next two years.

Calgary lawyer Roland Hung told expertIP that cyber insurance is on the upswing in Canada.

“I do have a sense that it’s definitely a growing trend. The (U.S.) trend is catching up here in Canada,” said Hung, an associate at McCarthy Tétrault.

If your organization is still on the fence about cyber insurance, there are quite a few things to consider. First, don’t assume cyber breaches are covered under your general commercial policies for liability or errors and omissions (E&O).

“Cyber insurance is totally separate from E&O and a lot of companies fail to understand that,” said Hung, who covered the topic for the Canadian Tech Law blog site in July.

Second, getting cyber coverage could take longer than other types of insurance because there’s no standardized template for it yet within the insurance industry, Hung said. Since cyber incidents are way more likely to hit businesses today than, say, fires, floods and thefts, many insurers also require a cyber security audit of your company before granting coverage, he added.

Cost is another issue, with cyber policies more expensive than many other kinds of coverage. Remember that June survey of 284 U.S. business-risk managers that I mentioned earlier? Among surveyed companies with less than $20 million in cyber coverage, 49 per cent said it costs them more than $100,000 per year in premiums.

Hung added, however, that smaller businesses that never send customer data to the cloud may pay lower premiums than “a big tech company that uploads a lot of information to the cloud with multiple servers in multiple jurisdictions.”

Coverage may ultimately be worthwhile, Hung said, when you compare the cost of cyber insurance premiums to the myriad costs associated with a data breach.

“There’s generally a horrible reputational type of damage, which is very hard to recover from,” he said. “You might also lose your clients or some of your employees. Sometimes your stock price will fall.”

The current global regulatory crackdown on data and privacy breaches is also convincing more businesses to take a look at cyber insurance. Canada’s new Digital Privacy Act imposed tougher breach notification requirements on businesses as of July 1. On Oct. 6, the European Union announced that it’s drawing up stricter Safe Harbor data regulations, too.

“In light of this (regulatory climate), there’s a lot of risk as to whether your business is doing enough to secure the information you’re transferring,” Hung said. “Cyber insurance can provide that comfort that you’re protected perhaps against the outcome of a breach.”

The same thought has apparently crossed the minds of the aforementioned Canadian risk managers surveyed in September; 70 per cent of them said the new Digital Privacy Act has made them “more inclined” to buy cyber insurance.

Will your organization be joining them?

Image courtesy of Free Digital Photos

Share this article:
Comments are closed.