What is Cyber Insurance and does my business really need it?

Cyber Insurance generally covers the costs, up to a specified limit, of dealing with the expenses associated with an electronic privacy breach. In other words, if your client information is somehow obtained by a third party, there would be coverage for associated expenses incurred. It can be stated that any business with customer data is at risk.

The Digital Privacy Act (DPA) was passed into law June 18, 2015. DPA makes changes to the Personal Information and Protection of Electronic Documents Act. This amendment makes it mandatory that any business affected by a data security breach would have to report that to the federal Office of the Privacy Commissioner (OPC) and any individual at risk from the breach. The notification is obligatory when there is a “real risk of significant harm”. “Significant harm is defined really broadly” states Patrick Hawkins, a partner with Borden Ladner Gervais LLP. “It includes the potential for damage to reputation… financial loss, identity theft and negative effects on credit records.”

DPA also requires organizations to keep records of data breaches of any kind. This could be something as simple as a misprinted address label that goes out in the mail displaying the party’s age or a printed customer order with personal information left on a counter. It could involve a lost USB key with customer data or a laptop computer or tablet. A breach is a piece of personal information tied to an identifiable individual. A record would have to be kept for each of these instances. Organizations that deliberately cover up privacy breaches and destroy records will face fines of up to $100,000 for every person or client that they intentionally fail to notify.

Cyber insurance helps cover the cost of developing a plan and notifying clients of a breach. It can also provide liability coverage should you be sued after such an event. Some plans will even provide coverage for getting back up and running after a malicious data security breach event that corrupts data. These comprehensive plans may cover the expense to repair computers, reinstall operating systems and even pay Ransomware demands. Policy packages can be put together from the very basic to all-encompassing depending on your exposure and needs.

With notes from Canadian Underwriter Magazine, January 2017