Every week we hear stories of high-profile cyberattacks. Personal or commercial data that has been stolen or held ransom — and it’s a problem Statistics Canada and cybersecurity experts warn is increasingly more frequent and severe.
The exact scope of the threat is hard to lock down. In one Stats Can report 21 per cent of businesses reported they’d been impacted. In another, 32,968 businesses and 7,727 Canadians reported to police they were affected by cybercrime. The national rate of extortion grew by 124 per cent and the number of fraud cases increased by 60 per cent between 2014 and 2018, according to StatsCan.
The RCMP say Canadians are affected by ransomware attacks — software that infects a system and blocks users from using computers until a ransom is paid — about 3,200 times every day.
And yet this is likely only the tip of the iceberg as most cybercrime isn’t reported to police, often due to embarrassment or fear the company’s reputation will be hurt. Estimates suggest just three to 10 per cent of cybercrime is officially reported.
“If you look at the number of breaches in the past couple of years, it’s really almost a matter of time before a company may have an incident,” says Hugh Watt, COO of NFP Brokers in Edmonton.
“I truly believe this is one of the larger threats to businesses and we need to ensure that we have measures in place to protect us. This is a ‘clear and present danger.’ ”
The Canadian Centre for Cyber Security agrees, saying “cybercrime is the cyber threat most likely to affect Canadians and Canadian businesses.” Cyber criminals are becoming more advanced, its 2018 report warns.
It can all feel rather scary and overwhelming. What can you do for yourself and your business?
First, of course, is making sure you protect your personal information and have a strong security plan for your business, such as with these tips from the Centre for Cyber Security:
- Five practical ways to make yourself cybersafe
- Protecting high-value information for small and medium organizations
- Useful Resources
Another step to consider is cyber insurance.
It can be an important part of your business’ risk-management strategy to help reduce the impact of data breaches or malware as most general liability policies don’t cover losses due to a cyberattack. PricewaterhouseCoopers has reported about 30 per cent of businesses now have cyber insurance. It’s also becoming a more common requirement of many contracts.
Individual policies vary depending on a company’s specific needs and industry, but the types of things that can be included with cyber insurance are:
- lost income, as well as potential lost productivity and profits, due to an event;
- operating expenses, that could need to still be paid if you have to temporarily stop some or all services;
- legal costs, such as hiring a lawyer to assess your obligations under federal and privacy laws as well as any professional regulations;
- expert services, your IT team may require extra help to stop an attack, recover data or restore your system;
- notification costs, which may require hiring people to send notices and/or answer help lines;
- credit and/or identity monitoring, for customers affected by an attack;
- damages to third-party systems, if an infected email from your server crashes the system of a customer or vendor. You may also want protection from breaches from your partners;
- potential extortion payments, connected to ransomware attacks;
- intellectual property losses, due to an attack;
- marketing and public relations costs, as a severe breach could be damaging to your company’s reputation.
“Having cyber insurance — and more importantly, having the right risk coverage — for you or your company is essential for modern-day businesses and individuals."
For more information, contact NFP and we will have one of our Commercial Insurance professionals help to protect your business from this risk. 1-800-668-3213