Cyber insurance exposure: Why it’s not just about the big boys

If you thought cyber insurance was just for McDonald’s and Yahoo then you need to think again

Cyber insurance exposure: Why it’s not just about the big boys

Cyber

By Will Koblensky

When it comes to cyber exposure in Canada, it’s not just the big boys that are feeling the heat.

Kevin Lea, senior account executive at Rogers Insurance, said crime and breaches targeting smaller sized businesses are less well heard of and therefore less insured against – but every bit as dangerous.

Learn more about cyber insurance here.

“We’re seeing a hybrid of what is traditionally within the realm of crime insurance and what would fall under cyber insurance,” he explained. “We’re seeing a large uptick in social engineering incidents, social engineering attacks against companies of all sizes across the country.

“Previously only larger corporations were targeted but now the fraudsters and entities behind these types of social engineering attacks are realizing that smaller entities, including non-profits and charitable groups, have much weaker financial control, typically, than larger corporations, so the attacks seem to be shifting towards smaller entities because the success rate is higher.”

It’s not just Yahoo and McDonald’s Canada facing a cyber threat, even minor hockey leagues can get hacked, according to Lea.

Want the latest insurance industry news first? Sign up for our completely free newsletter service now.

“There was actually an incident in Calgary just a few weeks ago, where a local minor hockey club lost over $100,000 to a social engineering attack,” Lea said. “Because a social engineering attack is a digital item, but also includes the theft of money, it falls within the grey area between crime insurance and cyber insurance. So it’s important for those looking to have the insurance side of it organized, to get a comprehensive crime policy and a comprehensive cyber policy to respond.”

Then, as another vital reason to jump on the cyber insurance bandwagon, there’s the price companies pay for notifying the public, by way of the privacy commissioner, of getting hacked when people’s personal information is stolen.

“On the pure privacy breach side depending on how many records the organization may hold, even just the notification costs (to the privacy commissioner) under the updated Digital Privacy Act on a national level can be very expensive. Per several major Canadian insurers, the cost of notification is around $130 per record,” Lea said.

“Then there’s any financial restitution that needs to be provided or additional services like paying for identity theft monitoring or any fines or investigative costs as assessed by the various regulatory authorities.”      

 

Keep up with the latest news and events

Join our mailing list, it’s free!