Get your online insurance quote

How Cyber Insurance Protects Your Business

Curtis Killen

As president of KBD, Curtis aims to simplify insurance for his clients. He’s helped lead KBD to become one of Canada’s fastest 400 growing companies according to the Globe & Mail.

Edited on:

Published on:

Picture this: 

You come into work one morning, pour yourself a coffee and open your computer, ready to start the day.

The first thing you see is this:

You’ve been the victim of a ransomware attack. Your entire computer is encrypted and you can’t access anything. 

What do you do?

The rise of cyber attacks in Canada

Cyber-attacks have become a major issue for Canadian businesses.

In 2017, 21% of Canadian businesses reported that they were impacted by a cyber-attack that affected their operations. 

That’s roughly 245,700 companies!

Of the 245,700 cyber-attacks recorded in 2017, 54% prevented employees from carrying out day-to-day work and 30% experienced additional repair or recovery costs.

To offer some perspective on this data, guess how many fires affected Canadian businesses in 2014?

6,004

If we do the simple math, your business is 40X more likely to suffer from a cyber-attack than it is a fire.

Yet still, in 2020, most prospects I visit don’t have cyber insurance. But they all have fire insurance.

That feels a bit twisted to me, considering the odds.

Having a cyber insurance policy should be part of your company’s risk management strategy.

In fact, it’s essential business insurance if you keep any information online.

Let’s dive into what’s covered and why your business needs this coverage. 

What coverage can cyber liability insurance provide for businesses?

Rule #1 – You don’t have to be a tech company to benefit from this insurance policy 

Rule #2 – Not all cyber insurance policies are created equal. 

Like anything in life, you get what you pay for, and this insurance is no different. 

Some insurance policies are “fluffy” when it comes to cyber coverage, while others provide full comprehensive protection. 

To take away the guesswork, here are 3 cyber insurance companies that specialize in the cyber niche for small & medium-sized businesses.

  • Beazley Canada
  • CFC Underwriting
  • Victor Canada

KBD Insurance can quote your business with all 3 to see which quote is the most competitive. And each of these insurance companies provides more or less the same cyber protections, so there aren’t many drawbacks to choosing one over another.

Before we dive into what’s covered, it’s important to note that cyber insurance can be split into 2 main categories.

  1. Protections for your business data & network
  2. Protections for compromised client data or system network 

Roughly 60% of the coverage is insurance for your company, while the other 40% is cyber liability.

Cyber liability is coverage if your business loses customer data or your systems accidentally infect a customer’s network and you are sued as a result.

Here are two examples:

1 – “Law firm ABC” gets hacked, they lose all their customer data. The customers sue law firm ABC. 

This would be covered under cyber liability. 

2 –   You are a cloud service provider (i.e. you host other people’s websites on your servers). 

Your servers get infected with malware; this malware is transmitted to your client’s website. 

If you become legally obliged to pay for the damages done to your client’s website, it would be covered under cyber liability. 

If you’re confused, don’t worry. 

Here’s an infographic to help illustrate the structure of a cyber policy below.  

Here’s a list of important cyber insurance policies you should consider getting that will cover your business:

Breach notification cost insurance

Did you know that as of November 1st, 2018, all Canadian businesses are required to notify their customers if their personal information is breached? 

“Notifying” can include sending each client a registered letter. If you’re not aware, a registered letter costs almost $10.

$10 X your number of clients = a lot of money. Unless you can send the bill right on over to your insurance provider.

“Breach notification” insurance will cover the costs incurred to notify your customers after your business suffers a data breach. 

Security and forensic cost insurance

If your company is the victim of a cyber attack, what’s the first thing you need to do? 

Contact an IT expert. 

The expert will identify what happened & how to move forward. 

Security & forensic cost insurance covers the costs to hire an IT team to repair your network systems. 

In many circumstances, the insurance company will provide you with their own team of IT experts to remove any malware or computer virus. 

This saves you the time of having to find an IT expert yourself, and the cost of using one.

Cyber Crime Insurance

This insurance is for when your company is extorted or when a hacker steals money from your bank account electronically.

An example of cyber extortion would be a ransomware attack; they encrypt your computer, and demand a ransom in bitcoin. 

As a tip, do not negotiate with cyber pirates!

Report the issue to your cyber insurance company and let them deal with the situation. 

System Damage insurance

Losing important data can cripple your business. 

Imagine having to re-enter every one of your clients manually back into your CRM after a cyber breach. 

Then think about the cost of manual labor and lost business opportunities. 

System damage insurance covers all of this.

Business interruption insurance

Imagine the scenario from the beginning of this blog.

You come into work and your entire office network is encrypted, leaving you unable to use your computers.

In the time that it takes to fix the situation, how much revenue has your company lost as a result?

It can take days, weeks or months to recover from a ransomware attack if your company doesn’t have backups of your information.

Business interruption covers businesses for lost profits after any type of cyber attack. 

Reputational Harm insurance 

If client data is compromised, it’s a law that you need to notify your customers.

This also means you need to take into account how your clients will react to the news.

Reputational harm insurance covers the PR (public relations) costs your business incurs for damage control.

Here’s the cyber insurance coverage applicable to compromised client data or system networks:

Network security liability insurance

This covers the transmission of malware to a third-party computer system. In other words, if your network accidentally infects the network of your client, you’re covered. 

Let’s take the same example from earlier. 

You’re a cloud service provider (i.e. you host other people’s websites on your servers). 

Your servers get infected with malware; this malware is transmitted to your client’s website. 

If you become legally obliged to pay for the damages done to your client’s website, it would be covered under network security liability.

Cyber Liability Insurance

Whenever you see the word “liability” in insurance, think “coverage if my business gets sued.” 

For example, let’s say your customer data is compromised.

Cyber liability would cover lawsuits brought against your business for losing the customer data.

Technology Errors & Omissions Insurance

When you make a mistake that costs your client money, you’re likely to be sued. 

Tech E & O pays for your defense costs (if you need to hire a lawyer). 

Here’s an example:

You’re an IT consultant, and you install the internet for your client, but you forget to install the firewall.

Your client suffers a major cyber attack as a result & it costs his business $10,000. 

If he sues you, your technology E & O would cover all the costs related to the lawsuit.  

Why businesses need Cyber Liability insurance

So far, we’ve discussed the rise of cyber attacks in Canada and what’s covered in a comprehensive cyber insurance policy.

We also looked at how you can split a cyber policy into two sections:

  1. Insurance for your business data & system networks 
  2. Insurance for client data & client networks 

Now, let’s discuss why you need cyber insurance.  

Reason #1 – The cost of a data breach. 

According to a report from IBM Security, the average cost following a data breach is $187 per record in the Canadian financial industry.

In the study, “per record” refers to “per person.” 

So in Layman’s terms, the average cost to “fix” a data breach is $187 per client who lost their data.  

That’s an expensive bill if your company holds sensitive client data.

Reason #2 – It could save your business from bankruptcy.

Cybercrime magazine reports that 60% of small companies close within 6 months after being hacked. Insurance can keep you afloat so you can keep doing what you love instead of scrambling to pay for damage done to your network, business, or a third-party.

Reason #3 –   A cyber liability policy provides your company with expertise

In the event of a data breach or cyber-attack, the right insurance policy will provide you with an incident response team, which is a team of specialists to help guide you through any type of breach or attack.

All the insurance companies KBD works with provide this coverage, and it’s an important reason to get it. Having on-demand support can save your business.

Reason #4 – It’s not if, but when you suffer a cyber attack

1 in 5 businesses will be victims of a cyberattack this year. 

Even if your business has high-grade cyber defense, the possibility of an attack still exists. 

We hear every week in the news about major corporations and banks losing client data, and if it can happen to them, it can happen to you. 

Who needs cyber liability insurance?

One piece of advice I always tell my commercial insurance clients:

“Don’t assume that just because you use third-party CRM software, your business is absolved of all liability in the event of a data compromise.”

In other words, if you store your client data on “the cloud,” you can still be implicated in a lawsuit after a cyber hack.

Here’s an example: 

You use “Cloud XYZ” software to keep track of customer orders and client banking information. 

They’re a big tech company out of California. 

One day, a data breach occurs and 10,000 of your clients lose their data; all stolen from Cloud XYZ’s software program.

In this scenario, your customers aren’t going to care about Cloud XYZ; they’re going to be upset with your company. 

While it’s not your fault for losing the client data, it will be your mess to clean up, and you’ll need to hire a lawyer to push the blame onto Cloud XYZ. 

Your business may need to pay for credit monitoring services.

Maybe you’ll be fined by the government.

Additionally, it’s no guarantee that Cloud XYZ will even admit that it’s their fault!

Maybe your IT team installed Cloud XYZ incorrectly. 

The point of this scenario is to illustrate that there are many moving parts in the event of a cyber liability insurance claim.

Just because “it’s not your company’s fault” does not mean you’re absolved of all responsibility in the event of a data breach. 

Having the right data breach insurance policy will pay for the costs to defend your company in situations like this.

How to Choose a Cyber Liability policy

Choosing the right cyber risk insurance coverage is easy if you get quotes from the 3 companies listed earlier. 

Here they are again:

  • CFC Underwriting
  • Victor Canada
  • Beazley Canada

As commercial insurance brokers, we place all of our tech, marketing and online services clients with these 3 insurance companies. 

We place clients looking for “stand-alone” cyber policies with these companies as well since their premiums are competitive and the coverage is broad. 

Additionally, it’s super easy to get a cyber insurance quote. 

The only question we ask:

What’s your business’ annual revenue?”

That’s it. 

Your average cyber insurance policy that includes liability as well as cybercrime costs between $800 – $5,000. The annual premium depends on the annual revenue of your business.

If your company has an in-house IT team and can answer detailed questions about the security infrastructure, these 3 insurance companies can give credits of up to 25% on your quote.

The Most Common Cyber Insurance Claims

In 2018, CFC Underwriting responded to over 1,000 cyber claims. 

Here’s a breakdown of the most common claims they came across:

A Final Word

Cyber attacks hit businesses every day, and it’s an exposure that no modern company can escape in today’s digital era. 

Statistics clearly demonstrate that attacks are on the rise, therefore, businesses need to adapt.

We talked about the rules of cyber security insurance:

Rule #1 – you don’t have to be a tech company to benefit from a cyber liability insurance policy 

Rule #2 – not all cyber insurance policies are created equal. 

We also discussed how to break down a cyber insurance policy into 2 parts:

  1. Coverage for your business data & network
  2. Coverage for compromised client data or system network 

Any business that uses technology can benefit from purchasing cyber liability insurance.

It’s especially important to have the right coverage if your business holds sensitive client data and banking information. 

If your company feels it’s time to purchase a comprehensive cyber insurance policy, give KBD a call today at 514-636-0002 and speak with one of our commercial insurance brokers!