Although we’ve been living in an electronic, online world for quite some time, cyber insurance is still very new, and very misunderstood. Many of us think we’re already protected from hackers, data breaches, malware and viruses by our IT service contracts, or if not that, then by our general liability insurance. So, to set the record straight, here are the top five myths about cyber insurance, and the straight facts.
MYTH: Hackers won’t bother with my business. It’s too small.
OK, you got us. Hackers are more likely to target larger businesses. Forty-one percent of large Canadian businesses have been affected by a cyber security incident.
FACT: Hackers target everyone, and small businesses are not equipped to deal with an attack.
Although larger businesses are at greater risk, 19% of Canadian small businesses have already been affected by a cyber security breach. Hackers see them as a soft touch because they usually don’t have the resources to properly protect themselves, or to deal with a breach when it happens. Small businesses, especially, need the talents of our elite cyber-recovery team when a hack happens.
MYTH: That’s why I have business insurance. My general liability policy will protect me.
If you think your business insurance policy covers hacking and other cyber attacks, we challenge you to go read your policy again.
FACT: Almost all cyber risks are excluded from a standard business insurance policy.
Your Commercial General Liability (CGL) policy is designed to protect you for liabilities caused by bodily injury and physical damage to third parties. Your Errors & Omissions (E&O) policy is designed to protect you for liabilities from financial damages to others arising from your professional services. Neither policy will protect you from damages arising through a loss of personal data.
In addition, the most likely outcomes of cyber crime lead to substantial costs to your own business from lost revenue, ransom payments, finding and removing malware, fraudulent funds transfers, reputational damage, etc. Because these are costs relating to your business, they are not covered under any liability policy. They are also not covered by your commercial property insurance, which is designed to protect your building and physical business contents and equipment from loss.
Risks related to the internet, online privacy, online payments, access to data, and to IT systems generally, are not very well understood by the insurance industry at this point. We partner with the leading insurance companies that specialize in cyber risk, and offer comprehensive protection for these risks.
MYTH: My business doesn’t hold a lot of sensitive data. I’m not at risk.
If you’re in the healthcare or financial sectors, a breach of your cyber security will cost you more than any other sector. But every sector is affected by hackers.
FACT: Your biggest risk may not be related to your data at all.
Losing sensitive customer data into the wrong hands can create massive liability for your business, but what’s more likely to happen is that you are affected by a ransomware or denial of service attack, where hackers get into your system, and then promptly lock you out until you pay some sort of ransom, usually in bitcoin. Do you even know how to get bitcoin? Our experts do.
Have you ever received a scam e-mail? Have you noticed that they seem to be getting harder to detect? Well, you’re not the only one… an astonishing 31% of people click on the links from these phishing e-mails, and 17% of people enter their credentials. Your employees are also receiving these e-mails daily, so training and awareness are critical, and so is insurance protection for when that link gets clicked.
MYTH: My business outsources our IT services. My tech support contract protects me.
It’s true that if your IT services provider does something that leads directly to a data breach or other loss, they may be at least partially liable.
FACT: Most of the liability, and cost, and work, will fall to you.
IT service providers are very aware of liability, and they write their contracts in a way that protects them. Besides, there are many ways for your systems to become compromised that have nothing to do with your service provider. And even if it is their fault, proving it may require a long, drawn-out court proceeding. When a breach happens, you need help right away, and your IT provider is unlikely to have the resources to help get your systems back up and running.
MYTH: Cyber Insurance is there to insure my business against costs of telling my customers about a breach.
In part, that’s true. The costs of notifying your customers about a loss of their data can be surprisingly high and are covered by any respectable cyber insurance policy.
FACT: Cyber Insurance policies have evolved to become so much more than breach notification.
First and foremost, your cyber insurance will provide you with an elite cyber-response in the event of a potential claim. How you respond to a hack can make or break your company and it’s absolutely critical to have the right team of experts in your corner as soon as you recognize an issue. This is the main consideration in how Mitchell & Whale chooses its cyber insurance partners.
A good cyber insurance policy will also cover so much more than customer notification costs – this is really just the tip of the iceberg. Your policy will also cover legal defense costs and any damages you are asked to pay, costs of working with regulators, any fines or penalties that you receive from a breach of regulation – not to mention the substantial costs of finding the issue that caused the hack in the first place, repairing it and reinstating data.
It’s always worth remembering that the majority of incidents do not relate to losing sensitive client data, but are centered around viruses and malware, denial of access to your systems or data, ransoms you are asked to pay by hackers, or funds that are transferred to a criminal organization when someone in your business falls prey to a phishing scam. A good cyber insurance policy will cover all of these things too.
Finally, if any of these things happen to you, it’s likely that your business will incur other losses due to a drop in trading or reputational damage. These losses will be covered by a good cyber insurance policy.
MYTH: This is a problem that mostly affects U.S. businesses, because over there everybody sues everybody for the littlest thing.
You’re part right. Costs related to cyber attacks are highest in the United States. Guess who’s in second place in the world table of average hack costs? Canada.
FACT: Cyber attacks are a huge issue in Canada, lawsuits are a real concern, and recent changes to privacy laws mean you could be subject to big fines for losing client data.
Cyber breaches in the U.S. lead to an average total recovery cost of about $310 per customer record. In Canada, the cost is closer to $270 per record. Changes to Canadian privacy legislation in November 2018 require all businesses that suffer a breach to report it to their provincial privacy commissioner, at which point it becomes public knowledge. No more sweeping a breach under the rug for us. That means costs will no doubt be escalating.
Mitchell & Whale partners with a handful of insurers that are leading the way on cyber coverage. Each one offers a slightly different package of coverages. What they all have in common is that they all offer you access to an elite cyber-response team. Because when you discover a breach, you won’t just need us to pay your claim. You’ll need guidance in how to see your business through the breach, and back to regular operations. Call us for a quote today at 1-800-731-2228 or contact us online.
Mitchell & Whale is a fast-growing insurance brokerage in Ontario, striving to make insurance _not suck_ one customer at a time. Give us a call today to discuss any of your insurance needs at 1.800.731.2228.