Mandatory reporting regulations for companies who’ve been hacked and that have had personal information compromised have been on the books, but not in force, since 2015.
There are some expectations that the fall of 2017 will see the Digital Privacy Act finally compel infiltrated companies to admit a privacy breach. A peek into why the legislation is needed was on display Friday when McDonald’s Canada announced 93,000 job applicants had their personal information stolen.
Learn more about data breach insurance here.
In a well-timed announcement on Monday,
CFC Underwriting announced a new policy described as “one of the very few to offer full retroactive cover as standard, meaning that policyholders are covered for breaches they discover during the policy period, even if it first occurred long before.”
So as brokers look to sell cyber insurance on the back of the McDonalds breach, CFC Underwriting’s international cyber team leader, Lindsey Nelson, outlined that one of the defining characteristics of the Canadian cyber market is its focus on business interruption cyber-risk rather than privacy concerns.
“Because not everybody is holding vast amounts of data but everybody’s holding cash, the cybercrime and social engineering fraud tends to be a more applicable cover to those Canadian companies,” Nelson said.
Want the latest insurance industry news first? Sign up for our completely free newsletter service now.
“To sell it on that basis has been worthwhile because it really focuses the attention away from the privacy aspect that’s seen a lot in the US, in addition to some other coverages that are, at times, overlooked - such as the service business interruption. Until we get the mandatory notification in place I think that’s the angle that will go far in Canada.”
Nelson also mentioned financial and monetarily-motivated hacks are among the higher risks for cyber insurance.
“With many unauthorized fund transfers, a lot of what we see is the social engineering, fake CEO, vendor or supplier scams that are going on. That’s in addition to ransomware and extortion that we’re seeing, which is all financially motivated,” Nelson said.
“A lot of it is reputationally-based as well in terms of hackers trying to make a name for themselves and saying ‘look what I can do.’”
Related stories:
D&O: What brokers should know about new threat
Ransomware: The good and the bad for cyber insurers