Whether it’s employee data, customer information, or supplier and partner information, your business runs on information. Find out what cyber security risks your business faces as a result.
Risks Posed to All Business Systems and Data
Every business runs on information and this can make you the potential target of cyber crimes. Vulnerable forms of data can include, for example, employee data, customer information, or supplier and partner information.
Many businesses treat data differently. You might collect it, use it, share it or store it. Hackers have a tendency to target small businesses since they (historically) do not have the proper safeguards in place. Sixty percent of all online attacks in 2014 targeted small and mid-size businesses. More often than they like, information is lost or stolen, whether through a data breach or a simple employee mistake.
Under the new PIPEDA laws in Canada, you are legally responsible for all information in your possession. Companies are required to notify their customers of a data security breach as well as notify the office of the Privacy Commissioner of Canada and any government institution that can ‘mitigate the risk or harm of the breach'. Failing to report a breach can result in fines of up to $100,000.
How can I be attacked?
If you use your website for e-commerce and collect customer shipping and billing information, you are a high-risk target for hackers. Imagine - your website is disabled. You can’t take orders, you don’t know where or how the virus is attacking your system and you can’t collect the payments you need to stay in business. A worst-case scenario!
2. IT Systems
Is your website or any of your data hosted or stored in the cloud or on an offsite server? You may still be legally responsible. The hacker has accessed your customer's names and contact information – and worse – your employees’ social security numbers. What now? How do you explain that their most sacred information is now in the hands of a criminal?
3. Email Phishing Scams
We’ve all received them but the number of phishing emails a company receives daily is rapidly increasing. Phishing is a large-scale attack where a hacker will forge an email so it looks like it comes from a legitimate company (e.g. a bank), usually with the intention of tricking the unsuspecting recipient into downloading malware or entering confidential information into a phished website.
Hackers are also getting clever and the fake emails are getting harder to identify. Can you spot a scam? Take the official Phishing Quiz to find out here.
Why is having cyber insurance important for my business?
The standard commercial general liability policies that most businesses and public and private institutions rely on are increasingly being interpreted by the courts to not cover data breach claims and the resulting damages. It is becoming increasingly more important that your business has the proper cyber liability coverage.
Many policies offer “first party” and “third party” coverage. The policy will cover you for things like business interruption, the cost of notifying customers of a breach, helping to rectify financial losses, physical damage to servers, and even the expense of hiring a public relations firm to repair any damage done to your image as a result of a cyber attack. Refer to our article on key cyber insurance technical terms here.
You probably don’t have a risk management team. So let us take care of you by ensuring that you have the proper safeguards and insurance protection for your business needs. We will work with you to integrate cyber liability with your general policy and employment liability policy.
Does Your Business Policy Include Cyber Insurance?
If you don't know the answer to this question it's a good idea to speak to your commercial insurance broker sooner than later. As your trusted insurance advisor, your broker will be able to help you understand the impact on your business of the changes to Canada's federal private sector privacy law.
Related Articles View All
The recent ransomware attack on the City of Stratford demonstrates our vulnerability to ever-evolving cyber threats. Do you know how your business is protected from disruptions to your software, data, and business operations?
In late November 2018, Marriott hotels reported one of the largest security breaches of personal data ever – once again demonstrating the vulnerability of the industry and growing importance of cyber insurance.
As of November 1 2018, businesses must submit formal notification of cyber breaches under Canada's federal private sector privacy law. Learn the key cyber insurance terms in this reference guide.
New Privacy Rules come in force – making it important that businesses operating in Canada take Cyber Security Seriously
Important changes to Canada's federal private sector privacy law take place on November 1, 2018 – mandating businesses to submit formal notification of any cyber breaches.