Times are rapidly changing, and how we communicate and do business has, too. This has brought on new risks and liability exposures that seemed unimaginable a few decades ago. Claims and legal expenses to cover insured losses from privacy breaches, copyright infringement, and errors and omissions are on the rise.
Commercial cyber insurance helps to protect an association, business, or individual from the negative impact and costs of cyber threats such as breach, theft, or unauthorized disclosure in electronic format of another party’s personal information. Any business, no matter how small or large, can be a victim of cybercrime or have a cyber breach.
Our brokerage represents specialty insurers that provide many unique coverages required by those in cyber and computer-type fields, including software developers, network support, IT consultants, website developers, graphic designers, and media and advertising firms.
Possession of any party’s personal information, such as phone numbers, credit card details, and birth dates, must be safeguarded. A lost or stolen laptop containing a vendor or customer’s information or a virtual thief from the other side of the world who is hacking into a computer, phishing scams, or ransomware are examples of adverse events that are occurring daily. Standard property and liability policies exclude damage and liability from these kinds of events. Specialty policies offer coverage that can be customized to fit the needs of an organization.
Commercial cyber insurance is a type of business insurance designed to protect a business’ liability for data breaches related to customers’ personal or sensitive business information. Cyber insurance provides protection and coverage for the security and privacy of digital information and data should your business or organization be a victim of a cyber breach.
Every business can benefit from commercial cyber insurance because, today, pretty much every single company or individual conducts at least some of their business online, which makes them vulnerable to cyber-attacks. If you sell products through e-commerce or maintain electronic customers’ records, you should carry cyber insurance to protect your organization from risk. A breach of the systems containing this personal and commercial information can be extremely time-consuming and costly.
When your business experiences losses related to an insured peril covered by your commercial cyber insurance policy, you can expect your insurance carrier to compensate for certain costs up to the coverage limits listed on your policy. What is covered can vary a bit based on the insurance company and how your policy is written. Still, generally speaking, business cyber insurance includes coverage for costs such as:
Having access to reactive assistance such as legal advice and crisis management from professionals who have dealt with these types of situations many times over is extremely important in the aftermath of a cyber attack. For example, if you were hit by a ransomware attack and extorted with a demand for payment by an organization in a foreign country, it could be considered a federal offence to send money to that organization based on the country it is in and its ties to the federal government there. With the necessary legal advice from experienced professionals, you can get help to develop the right incident response plan to deal with the problem and resolve it without inadvertently making it worse.
In addition to the standard types of coverage on your Ontario commercial cyber insurance policy, you may need or want the security of additional coverage—mainly if you frequently transfer money electronically or store sensitive information. Here are a few coverage types worth considering for your commercial cyber insurance package.
Data compromise, cyber and privacy breach expenses insurance provides assistance for organizations before and after an event. Educational information and tips on preventative measures are available. Consultation is provided if a breach occurs with a plan on what to do, how and when to notify others and to mitigate public relations issues. Limited expense reimbursements are included to assist with managing the event. However, these types of options are not actual liability insurance coverage and can often be purchased without actual cyber liability insurance coverage.
This commercial cyber insurance coverage is needed to provide defence and legal liability for damages if the business or organization (the insured) is legally liable for failing to protect confidential information.
Some commercial cyber insurance policies may offer coverage for PCI-Payment Card Industry fines and penalties or defence expenses in the event of a regulatory action regarding a privacy breach.
When people think of cyber attacks, they typically think about hacking and malware. But it’s often easier, and therefore more common, for cyber criminals to extract information or get access to your systems through social engineering. That essentially involves manipulating and lying to business owners or their employees in order to convince them to give up pertinent information or consent to allowing the hacker access to a computer or network.
Many people assume they don’t need social engineering coverage because they simply won’t fall for those tricks, but that’s not necessarily realistic. Social engineering scams can be incredibly sophisticated, and hackers have finely tuned these processes over many years of trial and error. If they catch you or one of your employees in a moment when you’re distracted by something else or just having a bad day, it’ll be easier than you may think to get what they want out of you. Social engineering insurance provides you with Ontario commercial cyber insurance in the event that you or your employee are tricked into handing over information or access.
If you are the victim of hacking, social engineering fraud, phishing, or other types of cybercrime and lose money, your insurance provider will not reimburse you for the lost funds unless you have cybercrime coverage on your commercial cyber insurance policy. With an endorsement for cybercrime, you can access insurance compensation to recoup some or all of the lost money, depending on your policy’s coverage limits.
The exact types of data that are covered by your Ontario commercial cyber insurance policy will vary according to your particular insurance company and the terms laid out in your policy. If you need to know which types of data are covered, it’s essential to consult with your broker at Morison Insurance. Let your broker know all the types of data you typically deal with when you start a commercial cyber insurance quote so they can ensure you have the right coverage and will be eligible for compensation if your data is stolen.
That being said, here are some of the data types that are commonly covered or have commercial cyber insurance coverage options available:
Suppose you use a third-party service such as a data center or cloud provider to store and/or transmit sensitive information. In that case, clarifying that with your insurance broker is essential. This could include services such as data back-up or processing, infrastructure as a service, co-location, software, cloud services and more. Some insurance companies may offer options for commercial cyber insurance coverage that applies to a computer system operated for the benefit of the insured by a third party. There is typically a distinction between a computer system that is operated by a third party solely for the insured and a shared computer system that is operated for the benefit of the insured under a written contract, so it’s necessary to know which situation you’re dealing with when you speak to your broker.
Commercial cyber insurance is a fairly specialized coverage designed to address risk exposures related to cyber-attacks. People sometimes have the misconception that it applies to anything that happens with computers or the internet, but that’s not the case. For example, suppose your employee hacks your system, embezzles money or purposefully causes damage to your data or computer systems. In that case, your commercial cyber insurance will not cover those losses but employee dishonesty coverage on your business insurance policy.
How you store and handle certain types of data can also influence whether you can file a claim on your commercial cyber insurance. Canadian business owners should be aware that there are regulations concerning the safe storage of payment information, and you will not be eligible for a commercial cyber insurance claim if your business is not in compliance with those regulations.
Another example of something that people may assume is covered by commercial cyber insurance, but actually is not covered, is damage to computer systems or a loss of data that is caused by a power surge, mechanical failure or operator error. Those types of losses fall under equipment breakdown coverage, which is a type of commercial property insurance.
Both standalone policies and endorsements added to an existing business insurance policy are possible for commercial cyber insurance. While a typical business insurance policy does not include business cyber insurance coverage, it can be added on as an endorsement. However, the scope and limits of the coverage provided by an endorsement are usually not sufficient to allow business owners to avoid paying out of pocket for at least some of the costs they could incur in the aftermath of a cyber attack. A standalone policy for Ontario commercial cyber insurance will generally provide more extensive coverage and the option for higher limits, so it’s a better choice for those who are vulnerable to losing a significant amount of money as a result of a cyber attack.
They aren’t exactly the same, though this is a fairly common misconception because the names make them sound like they offer the same coverage. While they are similar, commercial cyber insurance applies to both first-party and third-party damages, meaning that it would apply to the costs of cyber incidents that affect your own data as well as cyber incidents that affect the data of a third party or parties such as your customers. Data breach insurance, on the other hand, applies only to first-party losses related to damage or theft of your data. Since commercial businesses rarely deal with just first-party data, commercial cyber insurance is usually the best option for a business owner.
This is another common misconception. Technology errors and omissions insurance is a type of professional liability insurance that applies to losses caused by errors, negligence, and other factors related to technological products or technology-based services. It does not provide coverage for losses caused by the theft or extortion of third-party data, which is covered by Ontario commercial cyber insurance.
Some business owners don’t worry about preventative cyber security measures once they have commercial cyber insurance in place, but the truth is, both are necessary, and they don’t play the same role in protecting you and your businesses against the consequences of a serious cyber attack. Preventative measures such as encryption, firewalls, information security services, educating employees about phishing attempts and more are designed to stop a cyber attack from occurring by making it much more difficult to access your system and take sensitive, protected or confidential data. This is, without a doubt, the preferred scenario because it means you don’t have to deal with any of the stress and hassle of potential financial losses—not to mention reputational damage to your business, which is not easy to mitigate. There are many easy-to-implement cyber security tips for businesses that will save you time and frustration later.
On the other hand, commercial cyber insurance in Ontario is designed to help you handle the aftermath of a cyber attack. It makes it possible for you to receive insurance compensation for various liability-related costs that pertain to data breaches and more. Suppose your cyber security measures fail and information is taken from you. In that case, you’ll need financial assistance to handle expenses such as attorney fees, settlements, the cost of notifying affected third parties that a data breach has occurred and much more. However, there are some consequences of a cyber attack that can’t simply be erased with Ontario commercial cyber insurance coverage, so it’s still essential to take steps to prevent data breaches from happening in the first place.
Some insurance companies offer advice and other services that assist with preventative cyber security and help their clients avoid cyber risks, either for free or at a discounted rate. That could include information security consulting, assessments of your current cyber security measures, and cyber awareness training. Your insurer may also be able to provide you with a list of approved vendors who offer cybersecurity assistance that meets or exceeds the insurance company’s expectations for adequate information security practices. Consult with your Morison Insurance broker to learn more about discounts or offers available to you through your commercial cyber insurance provider.
That depends on a wide range of factors, so it’s difficult to provide an estimate without knowing more about your business needs. For example, if you choose an endorsement for an existing policy, it will be less costly than a standalone policy. Some of the factors that go into determining a commercial cyber insurance quote are:
Absolutely. Many small business owners need to consider getting commercial cyber insurance coverage, even if they transfer money or transmit and store private information. They assume their business is too small to be targeted by cybercriminals, which makes it an even more tempting target.
Large businesses with hundreds of employees or franchise chains with corporate head offices are likelier to have their own information technology department, often with in-house cyber security specialists. That means they are a lot more protected and more challenging to hack than a small business with little to no cyber security protection, and hackers, phishers and other types of cybercriminals are keenly aware of that fact. They are more likely to attack a small, unprotected business and get what they can before quickly moving on to the next business than they are to spend a lot of time and resources trying to get around the ironclad security measures that large companies and organizations have in place.
If you need more information or a commercial cyber insurance quote, Ontario insurance brokers at Morison Insurance are here to help. Our experienced brokers work for our clients, not for the insurance companies, so we prioritize your best interests and make it our mission to find insurance coverage that addresses your unique risk exposures. Get in touch with us today at 1-800-463-8074 to speak with a friendly Morison Insurance broker and find out more about Ontario commercial cyber insurance for your business. Our expert brokers can provide you with the peace of mind that your business is protected from cyber threats.