Times are rapidly changing and how we communicate and do business has too. This has brought on new risks and liability exposures that seemed unimaginable a few decades ago. Claims and the legal expenses to cover insured losses from privacy breaches, copyright infringement, along with errors and omissions, are on the rise.
Cyber liability insurance helps to protect an association, business or individual from the negative impact and costs of a breach, theft or unauthorized disclosure in an electronic format of another party’s personal information. Any business, no matter how small or large, can be a victim of cyber crime or have a cyber breach.
Our brokerage represents specialty insurers that provide many of the unique coverages required by those in cyber and computer-type fields including Software Developers, Network Support, IT Consultants, Website Developers, Graphic Designers, Media and Advertising firms.
Possession of any party’s personal information such as phone numbers, credit card details, dates of birth to name a few must be safeguarded. A lost or stolen laptop containing a vendor or customer’s information, or a virtual thief from the other side of the world who is hacking into a computer, phishing scams or ransomware are examples of negative events that are occurring daily. Standard property and liability policies exclude damage and liability from these kinds of events. Specialty policies offer coverage that can be customized to fit the needs of an organization.
Commercial cyber insurance is a policy design to protect a business’ liability for data breaches related to customers’ personal or sensitive business information. Cyber insurance provides protection and coverage for the security and privacy of digital information and data should your business or organization be a victim of a cyber breach.
Every business can benefit from commercial cyber insurance, because in this day and age, pretty much every single company or individual conducts at least some of their business online and that makes them vulnerable to cyber attacks. If you sell products through e-commerce or maintain electronic customers’ records, you should carry cyber insurance to protect your organization from risk. A breach of the systems containing this personal and commercial information can be extremely time-consuming and costly.
When your business experiences losses related to an insured peril that is covered by your commercial cyber insurance policy, you can expect your insurance carrier to provide compensation for certain costs up to the coverage limits listed on your policy. What exactly is covered can vary a bit based on the insurance company and the way your policy is written, but generally speaking, business cyber insurance includes coverage for costs such as:
Having access to reactive assistance such as legal advice and crisis management from professionals who have dealt with these types of situations many times over is extremely important in the aftermath of a cyber attack. For example, if you were hit by a ransomware attack and extorted with a demand for payment by an organization in a foreign country, it could be considered a federal offense to actually send money to that organization based on the country it is in and its ties to the federal government there. With necessary legal advice from experienced professionals, you can get help to come up with the right incident response plan to deal with the problem and get it resolved without inadvertently making it worse.
In addition to the standard types of coverage on your Ontario commercial cyber insurance policy, you may need or want the security of additional coverage—particularly if you frequently transfer money electronically or store sensitive information. Here are a few types of coverage that are worth considering for your commercial cyber insurance package.
Data compromise, cyber and privacy breach expenses insurance provides assistance for organizations before and after an event. Educational information is available with tips on preventative measures. Consultation is provided if a breach occurs with a plan on what to do, how and when to notify others and to mitigate public relations issues. There are limited expense reimbursements included to assist with managing the event. However, these types of options are not actual liability insurance coverage and can often be purchased without actual cyber liability coverage.
This coverage is needed to provide defence and legal liability for damages if the business or organization (the insured) is legally liable for failing to protect confidential information.
Some insurance policies may offer coverage for PCI-Payment Card Industry fines and penalties, or defence expenses in the event of a regulatory action regarding a privacy breach.
When people think of cyber attacks, they typically think about hacking and malware. But it's often easier, and therefore more common, for cyber criminals to extract information or get access to your systems through social engineering. That essentially involves manipulating and lying to business owners or their employees in order to convince them to give up pertinent information or consent to allowing the hacker access to a computer or network.
Many people assume they don't need social engineering coverage because they simply won't fall for those tricks, but that's not necessarily realistic. Social engineering scams can be incredibly sophisticated, and hackers have finely-tuned these processes over many years of trial and error. If they catch you or one of your employees in a moment when you're distracted by something else or just having a bad day, it'll be easier than you may think to get what they want out of you. Social engineering insurance provides you with Ontario commercial cyber insurance in the event that you or your employee are tricked into handing over information or access.
If you are the victim of hacking, social engineering fraud, phishing or other types of cyber crime and you lose money as a result, the lost funds will not be reimbursed by your insurance provider unless you have cyber crime coverage on your commercial cyber insurance policy. With an endorsement for cyber crime, you can access insurance compensation to recoup some or all of the lost money, depending on your policy's coverage limits.
Commercial cyber insurance is a fairly specialized coverage designed to address risk exposures related to cyber attacks. People sometimes have the misconception that it applies to anything that happens with computers or the internet, but that's not the case. For example, if your employee hacks your system, embezzles money or purposefully causes damage to your data or computer systems, those losses will not be covered by your commercial cyber insurance but rather employee dishonesty coverage on your business insurance policy.
Another example of something that people may assume is covered by commercial cyber insurance, but actually is not covered, is damage to computer systems or a loss of data that is caused by a power surge, mechanical failure or operator error. Those types of losses fall under equipment breakdown coverage, which is a type of commercial property insurance.
Both standalone policies and endorsements added to an existing business insurance policy are possible for commercial cyber insurance. While a typical business insurance policy does not include business cyber insurance coverage, it can be added on as an endorsement. However, the scope and limits of the coverage provided by an endorsement is usually not sufficient to allow business owners to avoid paying out of pocket for at least some of the costs they could incur in the aftermath of a cyber attack. A standalone policy for Ontario commercial cyber insurance will generally provide more extensive coverage and the option for higher limits, so it's a better choice for those who are vulnerable to losing a significant amount of money as the result of a cyber attack.
They aren't exactly the same, though this is a fairly common misconception because the names make them sound like they offer the same coverage. While they are similar, commercial cyber insurance applies to both first-party and third-party damages, meaning that it would apply to the costs of cyber incidents that affect your own data as well as cyber incidents that affect the data of a third party or parties such as your customers. Data breach insurance, on the other hand, applies only to first-party losses related to damage or theft of your data. Since commercial businesses rarely deal with just first-party data, commercial cyber insurance is usually the best option for a business owner.
This is another common misconception. Technology errors and omissions insurance is a type of professional liability insurance that applies to losses caused by errors, negligence and more that are related to technological products or technology-based services. It does not give you any sort of coverage for losses caused by the theft or extortion of third-party data, which is covered by Ontario commercial cyber insurance.
That really depends on a wide range of factors, so it's difficult to provide an estimate without knowing more about your business needs. For example, if you choose an endorsement for an existing policy, it will be less costly than a standalone policy for Ontario commercial cyber insurance. Some of the factors that go into determining a quote are:
Absolutely. Many small business owners don't really consider getting commercial cyber insurance coverage, even if they transfer money or transmit and store private information, because they assume their business is too small to be targeted by cyber criminals. In reality, that makes them an even more tempting target.
Large businesses with hundreds of employees or franchise chains with corporate head offices are much more likely to have their own information technology department, often with cyber security specialists in-house. That means they are a lot more protected and harder to hack than a small business with little to no cyber security protection, and hackers, phishers and other types of cyber criminals are keenly aware of that fact. They are actually more likely to attack a small, unprotected business and get what they can before quickly moving on to the next business than they are to spend a lot of time and resources trying to get around the ironclad security measures that large companies and organizations have in place.
If you need more information or a quote on the right commercial cyber insurance, Ontario insurance brokers at Morison Insurance are here to help. Our experienced brokers work for our clients, not for the insurance companies, so we prioritize your best interests and make it our mission to find insurance coverage that addresses your unique risk exposures. Get in touch with us today at 1-800-463-8074 to speak with a friendly Morison Insurance broker and find out more about Ontario commercial cyber insurance for your business.
This content is written by our Morison Insurance team. It is provided for general information only. Insurance needs differ from person to person, and this article is therefore not a substitute for professional advice about your individual insurance needs which can be obtained by speaking to one of our brokers.