What is Cybersecurity Insurance?

lady looking at computer showing a cyber security confirmation page

In today’s world, more and more companies are conducting their business online and relying on technology to store and organize data.

But if you’re business has never faced an issue with the loss of digital data from computers and networks, you’re probably wondering:

Is cyber insurance worth it?

The truth is cyberattacks can happen to any business, large or small. It’s not just the big guys that are targeted by hacks and other cyber threats.

And when it comes to dealing with cyber issues, protection is always the cheapest option!

In order to protect your business from financial loss related to cyber issues, you will need to consider a cybersecurity insurance policy.

What is Cybersecurity?

Cybersecurity involves protecting systems, networks, and programs from digital attacks – also known as “cyberattacks.”

These cyberattacks are usually focused on changing, destroying, and accessing sensitive information to extort money or interrupt business processes.

Regarding cybersecurity, the approach has many layers of protection that spread across data, networks, programs, and computers to protect sensitive information.

One of the most basic levels of cybersecurity starts with the user. Users need to understand and comply with basic security protocols such as choosing strong passwords, not opening unknown attachments in emails, and backing up their data.

Secure frameworks are also an important step in ensuring cybersecurity. Businesses must have a process for how they deal with attempted and successful cyberattacks.

However, even with these layers of protection, a cyberattack can still occur. This is why all businesses that deal with digital information should consider having cybersecurity insurance!

What are Cyberattacks?

Cyberattacks are security events that compromise your stored data. Some common types of cyberattacks include:

  • Malware: Malware is a type of intrusive and harmful software that can infect devices, networks, and users. These programs can monitor user actions and keystrokes, as well as delete, steal, or encrypt confidential data.
  • Ransomware: Ransomware is a type of malware that prevents files and information from being accessed until a ransom has been paid.
  • Phishing: Phishing attacks are often disguised as a legitimate person or organization via text message, email, or advertisements who is trying to steal sensitive information.
  • Denial of Service (DOS) Attack: In a DOS attack, the hacker overwhelms a system’s resources until it is unable to operate properly.
  • Spoofing: Spoofing occurs when a cyber criminal impersonates another user or device in order to attack the network, steal information, spread malware, or bypass access controls.
  • Brute Force: A brute force attack involves a hacker using basic information about the user to decode encrypted data by trying as many password combinations as possible.
  • Social Engineering: This form of cyberattack uses psychological manipulation to trick users into revealing sensitive information or making security mistakes.

What Else Can Compromise My Business’s Data?

Because technology is constantly changing, companies are now facing new risks and exposures for loss beyond cyberattacks and hacks.

There are many other cyber threats out there that can bring your business to its knees, including:

  • Technology errors and omissions
  • Hardware failures
  • Backup failures
  • Employees

Yes, even your employees can put your cybersecurity at risk, whether it’s intentional or not!

From poor password practices to weak access policies that fail to revoke employee access when it is no longer needed, the people who work for you can threaten the security of your data.

They may unsafely download apps and software that contain malware or ransomware onto company computers or fall for phishing scams.

However, it’s always possible that you may face a malicious employee. Although these types of cyberattacks are rare, they are harder to detect and can be costly.

What is Cybersecurity Insurance?

Cybersecurity insurance, or cyber insurance, is a type of business liability insurance that protects you and your business from cyberattacks and other risks. 

This coverage helps recover compromised data, restore the identities of both employees and customers, and repair damage to computers and networks.

Any business that relies on technology to operate is at risk of a cyberattack, including small businesses.

The loss, compromise, or theft of electronic data can have a significantly negative impact on a business, including loss of customers and revenue.

If your business does suffer from a cyberattack that results in compromised systems and data, you could face a significant financial loss.

Likewise, dealing with technology puts your business at risk for hardware and backup failures that can result in lost data.

Who Needs Cybersecurity Insurance?

If your business stores any kind of important data online or on computers, such as credit card numbers, phone numbers, and other sensitive information, then you could benefit from having cybersecurity insurance coverage.

For example, medical clinics and physician’s offices need additional insurance coverage to protect sensitive information, including cybersecurity insurance.

Likewise, if you are an accountant that stores credit card and other financial information about your clients, you will need additional coverage as well.

Here are some examples of sensitive information many businesses store using technology:

  • Names
  • Phone Numbers
  • Addresses
  • Personal Information (medical information, legal information, etc.)
  • Credit and Debit Cards
  • Bank Account and Routing Numbers
  • Social Insurance Numbers

Overall, any business that stores financial or personal customer data, even phone numbers, should at least consider first-party coverage – which is included in a cybersecurity insurance policy.

What Does Cybersecurity Insurance Cover?

Cybersecurity insurance coverage is designed to protect your business from primary cyber risks, covering first-party and third-party costs.

Should your business be victim to a cyberattack or any loss of data, your cybersecurity insurance policy will cover loss due to breach of sensitive information, notification costs, litigation costs, fines, and penalties.

Let’s take a look at the basics of cybersecurity insurance and what it covers:

First-Party Coverage

In a cybersecurity insurance policy, first-party coverage protects your company and its property, including loss or damage to electronic data and loss of income.

It also covers extra expenses should your company experience an interruption to business due to cyber damage.

Cybersecurity insurance will also cover your business in the event of cyber extortion, should a hack hold sensitive and important information hostage.

First-party cyber coverage will also cover the costs of notifying customers and clients of any breaches or loss of data.

Third-Party Coverage

Third-party coverage in a cybersecurity insurance policy will cover issues dealing with individuals not included in your business, such as clients, customers, vendors, and anyone else who is affected by a data breach or loss of information.

This particular coverage is designed to protect your company should a third party sue for damages by handling the costs of lawyers and settlements.

Privacy Liability Coverage

For companies that store sensitive information, privacy liability coverage is essential to protect your business from privacy or information risks that threaten the security of your employees and customers.

Privacy liability coverage will protect your business from privacy law violations and cyber incidents.

Network Security Coverage

Network security coverage should be included in your cybersecurity insurance policy to protect your company’s private information.

Should your network security fail, this coverage will protect you from issues such as:

  • Compromised business emails
  • Cyber extortion demands
  • Data breaches
  • Malware infections
  • Ransomware

Network security coverage will cover costs associated with notifying customers, credit monitoring, data restoration, identity restoration, legal expenses, and more.

Errors and Omissions Coverage

If a cyberattack or incident prevents you from fulfilling contractual obligations or delivering your services to customers, errors and omissions (E&O) coverage will protect your business.

This includes services such as consulting services, software services, and traditional professional services.

This coverage also protects your business from breach of contract and allegations of neglect.

Media Liability Coverage

Media liability coverage protects you and your business from intellectual property infringement (except for patent infringement).

This includes printed advertising, online advertising, and social media posts.

Network Business Interruption Coverage

If your business depends on technology to operate, it’s essential that you consider network business interruption coverage.

This policy will help you if your network or provider’s network goes down, covering fixed expenses, lost profits, and extra costs during downtime.

This coverage also applies to security failures caused by cyberattacks and system interruptions due to human error.

What Doesn’t Cybersecurity Insurance Cover?

Keep in mind that there are certain things that cybersecurity does not cover, including:

  • Preventable security issues, such as mishandling digital information.
  • Cyber issues that are caused by the insured.
  • Costs to improve cybersecurity after an attack.

General liability insurance for professional services will not cover issues related to online data or data stored on computers. This type of insurance policy only covers property damage and bodily injury.

How Much is Cybersecurity Insurance?

The cost of cybersecurity insurance in Canada is completely dependent on your business and its needs!

When choosing a cybersecurity insurance policy, your broker will take a variety of factors into consideration, including the level of cyber risks you are exposed to.

In 2019, the average cyber insurance cost was approximately $1,500 per year for $1 million in coverage and a $10,000 deductible.

However, you can expect to pay more or less than this amount depending on several key factors, such as:

  • Size of Company. The more employees and customers/clients you have, the greater the risk of phishing attacks on your business.
  • Industry. Your company’s industry will determine if you are low, medium, or high risk. For example, a hospital would be considered high-risk based on the nature of the information stored, while a small business with a limited customer base would be considered low risk.
  • Annual Revenue. The more money your company makes, the greater risk that a cybercriminal will target your business.
  • Security Measures. You can lower your cybersecurity insurance premiums by installing security protocols, monitoring hardware and software security, and creating procedures for cyberattacks.

Overall, what you choose to include in your cyber insurance policy will also impact the cost of coverage.

Why is Cybersecurity Insurance Important?

Cyber insurance coverage mitigates threats and financial losses – but it can also benefit your business in other ways:

Compliance and Legislation

Cyber insurance in Canada ensures that your business follows the rules and laws regarding Canada’s Anti-Spam Legislation (CASL) in order to avoid corporate or personal liability.

The CASL protects businesses and consumers from the misuse of digital technology, such as electronic threats and spam.

Their regulations include email consent and the security of computers, devices, and networks.

Crisis Management

Cyber insurance helps to limit the negative impacts of cyber-related events on your business’s reputation by providing the means necessary to restore confidence in your company’s cyber security.

Sending the right message following a cyberattack or loss of information is essential to maintain trust between your business and your customers or clients.

Cybersecurity Gaps

Many times, cyber damages are caused by a company’s lack of education regarding cyber threats.

Cyber insurance can help provide resources to you and your business to help manage risk and identify preventable cybersecurity gaps.

A Real-Life Example

To help you understand the importance of cybersecurity insurance, here is a real-life example that happened to Sony in 2011.

That year, their Playstation network was breached, exposing personally identifying information of over 77 million users. Users were unable to access the service for 23 days, and the incident cost Sony over $171 million.

Sony did not have a cybersecurity policy in place, and a court ruled that their current insurance policy only covered damage to physical property.

Sony was left to incur the full amount of the cyber damages.

Cybersecurity Insurance for Edmonton Businesses

Arc Insurance provides cybersecurity insurance for business owners in the Edmonton area.

Cyber risks are evolving daily, and so are Arc Insurance’s comprehensive insurance packages! We ensure your business is completely covered with our cybersecurity insurance coverage.

Contact us today for a no-obligation consultation and risk assessment so we can tailor the perfect insurance package for your business’s unique needs.