Cyber crime prevention has headlined many articles in our blog, and for good reason given that the threat level is higher than ever. And while partnering with a Managed Services Provider that offers access to enterprise level cloud-based productivity and security solutions is the first step to mitigating risk, we’d be remiss to not suggest that you consider cyber-security insurance too. In fact, it was one of the most popular discussion topics (led by Jack Rao, of ARC Insurance Brokers) at SIRKit Summit 2019. Let’s find out what you need to know.
The most obvious concern is the fact that a data breach that exposes sensitive information about customers, clients, and third parties (suppliers, vendors, etc.) can put you in direct line of fire in claims court, especially if it can be established that a breach was the result of negligence. You need to make sure that your cyber liability policy accounts for this, covering the potential cost of claims and legal proceedings.
In addition, a hack can also directly result in loss of finances (should accounts be compromised), products, equipment, and materials, all of which have a hard cost that a complete policy may cover. A cyber crime event can also halt business operations, rendering you incapable of serving customers/clients and ultimately cut off your revenue stream. In this case, you can consider an equipment breakdown (as applicable) and/or business interruption rider for your commercial policy.
There is another liability connected to a data breach, and the potential for this liability got a lot bigger in 2018 with a new addendum to Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA). Prior to that was the April 2018 arrival of the EU’s General Data Privacy Regulation (GDPR), which also impacts businesses on Canadian soil. In summation, these compliance updates increase the risk of punitive measures that may result in fines that your business may not be able to recover from without proper protection. For instance, violators of the PIPDA mandates will be subject to a fines of up to $100,000 per violation.
It is VERY important for your company to get complete buy-in from its Board of Directors (assuming you’re not the sole executive) and stakeholders. Executives do not have the luxury of blaming negligence on the IT department should a lag in security result in a breach. Not only are consumers asking that executives be more accountable in the public eye, Canadian Underwriter reports that executives and corporate boards could be named liable if there was a proven failure to exercise due diligence and governance when it comes to cyber risk policies and procedures.
For instance, if IT personnel put in a documented request for a software upgrade to better secure systems, and because of budgetary reasons (or other) you denied the request, in the event of a breach a case could be made that you did not exercise proper governance. Therefore, you as the corporate officer could be held responsible for the breach. You may need to ensure that your cyber insurance policy is further padded with Directors & Officers (D&O) liability insurance.
Your business typically needs guidance from an MSP when building an IT solution appropriate to your unique business needs. Well, a similar relationship requirement reigns true when it comes to finding a custom cyber liability policy, except you will want to consult with an independent broker. An independent broker will provide unbiased assistance in marrying your explicit needs to commercial policies that account for everything above. Better yet, by putting your MSP in touch with your broker, together they can best assess the level of risk, and necessity of coverage. The result will be a truly custom solution that mitigates your liability if you fall victim to a cyber crime.
Comprehensive coverage aside, remember that the most impactful way to reduce the risk of cyber crime is to partner with a Managed Services Provider that can provide you access to enterprise level threat protection as a part of your plan. Contact SIRKit today to learn more.