52 years ago ·
Less than 3% of SME’s have cyber insurance
Businesses are now more reliant than ever on technology to operate, whether they are using remote networks for remote-working, paying suppliers by wire transfer, or storing sensitive data online.
At the same time, two-thirds of small-to-medium-sized businesses in Canada have not been able to spend on technology infrastructure, leaving them even more vulnerable to cyber attacks.
And finally, the number of cybersecurity incidents reported in Canada and across the globe has continued to grow at an alarming pace.
Buying a standalone cyber policy is a smart decision for your business, now more than ever. Here are additional reasons why:
The average cost of data breaches in Canada rose 6.7% in 2020
You get cybersecurity tools and support
For most small-to-medium sized businesses, having a robust in-house IT security team isn’t always possible, or even necessary. But this can leave you without a place to turn in the event that the worst does happen. Cyber insurance is a highly cost-effective way to gain access to the support you need in order to both prevent and respond to cyber events. Most cyber policies come with a number of proactive risk management tools, such as employee cybersecurity training programs. A good policy will also give you access to IT experts, forensic specialists, PR firms, lawyers, and more, and often with a nil deductible
Over half of all cyberattacks are aimed at small-to-medium sized businesses
While the headlines focus on major security breaches at major companies, over half of all cyber attacks are aimed at small businesses, they just don’t make it to the news. What you don’t often hear about is the local law firm that mistakenly transfers $100,000 to a fraudster after being duped by a social engineering scam or the doctor’s office unable to use their computer systems for days because of a destructive malware attack. Cybercriminals see smaller organizations as low hanging fruit because they often lack the resources necessary to invest in IT security or provide cybersecurity training for their staff, making them an easier target
Your employees will probably click on something they shouldn’t
The fact remains that humans are the weakest link in the cybersecurity chain no matter how hard we try – approximately three quarters of the cyber claims involve some kind of easily-preventable human error. Theft of funds, ransomware, extortion and non-malicious data breaches usually start with a human error or oversight such as clicking on a phishing link, which then allows cybercriminals to access your systems from the inside.
You aren’t covered under other lines of insurance
Property policies were designed to cover your bricks and mortar, not your digital assets; crime policies rarely cover social engineering scams – a huge source of financial losses for businesses of all sizes. Professional liability policies generally don’t cover the first party costs associated with responding to a cyber event. A good standalone cyber policy is designed to cover the gaps left by traditional insurance policies, and importantly, comes with access to expert cyber claims handlers who are trained to get your business back on track with minimum disruption and financial impact
Cyber insurance covers far more than just data privacy
Many businesses think that cyber insurance won’t be useful to them because they don’t collect sensitive data. However, more than 50% of cyber claims come from events unrelated to breaches of privacy, and any business that uses technology to operate is vulnerable. Two of the most common sources of cyber claims aren’t related to privacy – funds transfer fraud is often carried out by criminals using fraudulent emails to divert the transfer of funds from a legitimate account to their own, while ransomware can cripple any organization by freezing or damaging business-critical computer systems.
Cyber insurance pays more claims than any other type of insurance
CFC has paid more than 1,500 cyber claims in the last 12 months, a number that eclipses previous years and is steadily growing, and the vast majority of these are from small and medium sized business. In fact, it was recently revealed that 99% of cyber insurance claims were paid in 2018, which means cyber has one of the highest claims acceptance rates across all insurance products.**
Information like this shows that cyber policies are doing what they set out to do, which is provide broad coverage for a range of technology and privacy-related risks affecting modern businesses, all backed up by proactive risk management and expert incident response and claims handling.
Source: CFC Underwriting
What All Cyber Criminals Know:
Small & Midsize Businesses With Little or No Cybersecurity Are Ideal Targets
- More than half of all cyberattacks are directed at SMEs, and that number is steadily increasing.
- 93 percent of small and midsize enterprises (SMEs) that have experienced a cyber incident reported a severe impact to their business.
- Almost all reported a loss of money and savings.
- 31% reported damage to their reputation, leading to a loss of clients, as well as difficulty attracting new employees and winning new business.
- Nearly half reported an interruption in service that damaged their ability to operate.
- In spite of these figures, less than 3 percent have cyber insurance.
52 years ago ·
The closure of manufacturing plants, restaurants, retail establishments and other places of business to limit the spread of COVID-19 has resulted in significant business interruption losses. Here are some ways to mitigate those interruptions whenever possible:
- Check Insurance Policies
- Have an Emergency Response Plan
- Protect Idle Property
- Implement Cybersecurity Measures
1. Insurance policies
Checking your insurance coverage should be priority number one. The most relevant policies to check for during the coronavirus include:
- Business interruption coverage – to manage against unforeseen effects on your business.
- Portable equipment coverage – for any items your employees need to take home to work.
- Contents insurance – while the office is empty, there’s a higher security risk and potential for burglaries.
- Credit insurance – although less common these days, it helps protect against the eventuality that customers who owe money for products or services do not pay their debts, or who pay them later than agreed.
2. Emergency response plan
Emergency response or contingency plans are key to reducing your exposure to a liability or property claim during a pandemic. If you have an emergency response plan and a business continuity plan, there may be simple changes you can make to reflect recommendations on how your business can respond to COVID-19.
We recommend that you review two specific sections of your emergency plan: your company’s approach to cybersecurity and the steps you have in place to protect your property.
If you don’t already have a plan in place, here are some resources you can consult for guidance:
In general, a strong emergency response plan will
- Identify and analyze possible exposures to risk, including how a pandemic or any other major adverse situation could impact your business.
- Document a response procedure to manage these risks that reflects international, national and regional standards.
How can I make sure my business property is protected?
When commercial properties are left idle, they face a different set of exposures different to when the business is operating normally. There are many things that business owners and site managers can do to keep their properties safe and secure during the COVID-19 shutdown.
- First, inform your insurance broker of the situation. Your broker can provide guidelines in order to safeguard your property (for more information, see our safety tips on theft, vacant and idle properties).
- Consult a specialist before shutting down production or support equipment to make sure that the proper steps are taken.
- Continue preventive maintenance activities for your building and its components according to schedule. If access to your facility is restricted, only continue urgent repairs.
- Ensure mechanical components, such as elevators, receive essential servicing by monitoring them remotely or conducting periodic on-site assessments. This will help reduce the possibility of a loss of essential equipment following a prolonged period of inactivity.
- Monitor fire protection and burglary alarm notification systems. If these systems are not available, you may want to consider periodic on-site assessments.
- Ensure that all maintenance and service elements are taken care of so that the property is prepared for an extended shutdown. For example, set the temperature in the building to around 15C as this helps to prevent sprinkler systems and water pipes from freezing and bursting.
- If a property is vacated, or even just looks empty, it immediately becomes an easier target for vandals and thieves. To mitigate these risks, schedule regular visits and visual check-ups of the site whenever possible.
- Ensure that security devices, like locks and alarms, are operational, and those with human security patrols can up the frequency of visits to the property.
- Maintain appropriate lighting around the facility and especially around all entrances because it gives the impression somebody is overseeing the facility even if it’s closed.
- Conduct regular checks of their roofs, their downspouts, and any outdoor drains to ensure everything is properly maintained.
- Inform your business partners and clients of your decisions.
How can I prevent cargo losses?
The pandemic has disrupted the global supply chain. As a result, is has created a situation where cargo is being stored for long periods of time in unattended or improvised storage areas and increasing the likelihood of theft or vandalism.
To help you mitigate losses, we recommend the following control measures:
- Ensure the storage yard is fully secured using chain link fence and adequate lightning.
- Monitor site access at all times.
- Establish and implement a policy requiring permission for vehicle to leave the site.
- Limit access to the shipping paperwork.
More information: Preventing cargo losses
How can I protect my business and my employees working from home?
Because of the COVID-19, many businesses have employees working from home – some for the first time. Here are some tips to ensure that your business operations remain secure while your team works remotely.
- Keep up-to-date contact information (including personal and professional phone numbers and emails) for staff, partners, suppliers and the IT team responsible for your online properties.
- Identify the essential operations and services you want to keep running. For example, if you offer an online consulting service, what would you need to maintain a certain level of service with your team working from home? Consider key employees, computer and internet connectivity, phone lines, software, database accessibility, etc.
- For employees who work from home, assess their access needs on a case-by-case basis:
- Work with your IT professionals to secure who can access your network and encrypt confidential information
- Ask your employees to avoid working from unsecured public networks or enable a VPN option for remote network connection to avoid man-in-the-middle attacks
- Enforce a strong password policy and set an automatic inactivity logout
- Ensure endpoint protection for all devices (by installing firewalls, antivirus and security information, and event management (SIEM) software, and disabling USB ports, etc.)
- Provide cybersecurity training to all personnel and reinforce best practices often
- Back up data daily and create a physical backup if the information needs to be quickly retrieved and restored.
- Remind employees that they should not leave these laptops or other company material in the car or anywhere else that would increase the risk of theft.
- Ensure confidential data and intellectual property are adequately protected by different layers of security—this is not the time for a data breach.
What is phishing and how can I prevent it?
You should also remind your employees to be aware of phishing or fraudulent attempts to gain personal information by phone or email. If something seems too good to be true, it probably is. Do not click on any suspicious email attachments or give information to anyone. Common phishing emails often:
- Evoke a sense of urgency to act now
- Ask for sensitive information
- Request that you click on a link
- Come in the form of unexpected emails
- Include multiple people on the sender list
- Contain grammatical errors
- Have an uncommon file type or include suspicious attachments
Employees working from home should also be wary of unsolicited calls. If they didn’t initiate the call, they shouldn’t provide or confirm any information, including business addresses or phone numbers, account numbers, or any information about equipment in the office (such as the make or model of the printer, laptop, etc.).
If you’d like more information, check out the Canadian Anti-Fraud Centre and Get Cyber Safe.
Source: Intact Insurance
52 years ago ·
Do Canadians need Earthquake Insurance?
According to the Earthquake Model for Canada, a report produced by AIR Worldwide for the Insurance Bureau of Canada, the risk of a major earthquake is considered the highest in Vancouver, Victoria, Montréal, Ottawa and Québec City.
In fact, after Vancouver, Montreal is considered the city with the highest earthquake risk in Canada based on its location in a moderate seismic zone!
Standard Insurance: What is covered?
Earthquakes of magnitude 5 or greater can cause severe damage, so it’s important to properly understand what coverage your home insurance contract entitles you to.
- Homeowners and renters insurance does not cover earthquake damage.
- However, losses from fire and smoke following a quake and, if such a fire makes your home unlivable, the additional living expenses incurred while you live elsewhere during repairs are all covered.
There are many steps you can take to prepare for an earthquake. That said, the only way to financially protect your family and home against earthquake damage is to buy earthquake insurance. Earthquakes and their direct consequences are not covered by a standard homeowner’s insurance policy, unless sufficient specific coverage is added to it.
What does Earthquake Insurance cover?
- Earthquake insurance covers loss or damage caused by the tremor or shaking from an earthquake.
- If you own a house, your earthquake insurance will typically cover loss or damage to your building and your personal property. It can also cover any additional living expenses you incur if you’re unable to live in your home while it’s being repaired.
- If an earthquake breaks a gas main and starts a fire, the resulting fire damage would likely be covered under a standard home insurance policy. Your coverage will depend on the legislation in your province or territory.
- If you own a condo, your condo (or strata) corporation is responsible to insure the building. But to cover your personal property and additional living expenses, your individual condo policy must include earthquake insurance. It may also cover assessments made against you because of a shortfall in your condo corporation’s insurance.
- And if you rent your home, earthquake insurance on your tenant policy will typically cover your personal property and additional living expenses.
- In certain circumstances, homeowners who are unable to return to their home as a result of insurable damage are entitled to additional living expenses.
- Earthquake coverage is available for your place of business. To mitigate losses to your business in the event of an earthquake, you can purchase business interruption insurance.
Contact us to discuss your specific needs, as always, We’ve Got Your Back!
Earthquakes Canada – Eastern Canada
52 years ago ·
Insurance is a significant investment. Before you purchase coverage, getting answers to key questions can help you make informed decisions.
While the following list is not exhaustive, when buying auto, home or business insurance, consider:
- What are your specific insurance needs? For instance:
- What coverage is mandatory for your vehicle? What’s optional?
- What is the replacement value of your home and its contents?
- Is your business home-based? What risks are unique to your industry? What risk management strategies have you implemented?[su_spacer]
- Is there value in bundling several policies with one insurance company? Consider that multi-policy discounts or loyalty programs may be available for:
- Who can best fulfill my needs? There are different ways to secure appropriate coverage, such as buying:
- Directly from a private insurance company, through a call centre or website (companies that sell insurance this way are called “direct writers”)
- Through an agent who sells insurance for just one company
- Through a broker who deals with multiple insurance companies[su_spacer]
- How to Choose an Agent or Broker
Your agent or broker should be:
- Willing to take the time to understand your insurance needs and recommend appropriate policy options
- Able to explain your policy and coverage in clear, precise language
- Licensed in your province
- You may want to ask trusted relatives, friends or business associates if they can recommend an agent or broker.
- For a broker, you can also contact your provincial insurance brokers’ association or the Insurance Brokers Association of Canada.[su_spacer]
- Ready to interview a potential insurance representative? Questions you may want to ask include:
- Are you appropriately licensed in this province? To verify that an agent or broker is licensed to sell insurance, contact the licensing body for your province.
- Are these the lowest policy prices?
- How can I save money by changing my deductible?
- What are the cancellation rules?
- Is the claims service available 24/7/365?
- If I’m in a vehicle collision and it’s my first one, how will it affect my premium? What happens after one or more speeding tickets?
source: Insurance Bureau of Canada
52 years ago ·
Eyton-Jones would like to stress the importance of obtaining a professional evaluation to determine replacement cost, the coinsurance clause, by-laws, contingency funds etc. in light of the upcoming changes to condominium insurance.
Over the next few years, changes to the Civil Code of Québec affecting condominium insurance will come into force. They include: a mandatory appraisal of the building [the “immovable,” in the Code]8, conducted every five years by a member of a professional corporation; an obligation requiring the directors of the syndicate and the condominium unit owners to purchase liability insurance; the use of the expression costs of reconstruction instead of replacement cost; and the obligation of the syndicate to create a liquid self-insurance fund available at short notice to pay the deductibles specified in the insurance contract.
The minimum amount of liability insurance and the self-insurance fund, as well as the criteria regarding whether or not a deductible is considered unreasonable, will be determined by way of government regulation.
The syndicate of co-ownership will also be obliged to provide co-owners with a description of the private portionsthat is detailed enough to identify improvements the co-owners have made. Condominiums created before June 13, 2018 will have two years to comply with this obligation. Others will have six months to do so. Agents and brokers will have to ask for this description in order to properly assess the risk for underwriting purposes.
In conclusion, the syndicate’s insurance will be its front-line insurance in the event of a loss. If the syndicate of co-ownership decides to not avail itself of this insurance in the wake of a loss, it will be responsible for repairing the damages to the insured property and will not be allowed to sue the co-owners who were responsible for damages that the syndicate’s insurer would have otherwise paid for.
A regulatory framework will be created to implement all the upcoming changes.
In order to improve access to information, the Chambre de l’assurance de dommages (ChAD) has implemented a section dedicated to co-ownership (condominiums) with specialized topics. To help professionals, the ChAD also publishes useful articles and offers a range of trainings on the topic (in French only). In addition, four useful tools are made available:
52 years ago ·
With Canada’s new Personal Information Protection and Electronic Documents Act (“PIPEDA”) now in effect, here’s what you need to know:
Who does PIPEDA apply to?
All private sector organizations that collect, use, or disclose personal information in the course of their commercial activities (PIPEDA does not apply to organizations that operate entirely in Alberta, British Columbia, or Quebec);
What does it apply to?
- Personal information about an employee of, or an applicant for employment with, the organization and the organization collects, uses, or discloses that personal information in connection with the operation of federal works, undertakings, and businesses; and
- All personal information that flows across provincial or national borders in the course of commercial transactions involving organizations subject to PIPEDA or similar legislation.
- Outside of Canada, PIPEDA applies to foreign organizations with a real and substantial link to Canada that collect, use, or disclose the personal information of Canadians in the course of their commercial activities.
What information falls under PIPEDA?
- Age, name, ID numbers, income, ethnic origin, or blood type
- Opinions, evaluations, comments, social status, or disciplinary actions
- Employee files, credit records, loan records, medical records, existence of a dispute between a consumer and merchant, intentions (for example, to acquire goods or services, or change jobs).
When to Report
- The Regulations require organizations to conduct a risk assessment to determine whether the breach poses a “real risk of significant harm” to affected individuals, considering both the sensitivity of the compromised information and the probability that it will be misused.
- “Significant harm” may include humiliation; damage to reputation or relationships; identity theft; bodily harm; loss of employment, business or professional opportunities; financial loss; identity theft; and damage to or loss of property.
Who to report to
- Provide notice to affected individuals and to the Privacy Commissioner “as soon as feasible” – no set time limit is specified. Similar to the GDPR’s approach, the Regulations allow for updating of a breach report as additional information becomes available.
- Maintain a record of every security incident for 24 months after “the day on which the organization determines that the breach has occurred.” The records must be made available to the Commissioner and contain enough detail to allow the Commissioner to verify the organization’s compliance with applicable requirements.
- Organizations are not expected to report all breaches (but recall, organizations are required to keep a record of all breaches).
Failure to report a breach or to maintain required records is an offence under PIPEDA and non-compliance is punishable by a fine of up to $100,000 per offense. With respect to individuals, each person not notified will constitute a separate offense. Not keeping proper records of breaches, or destroying such records, also would constitute an offense subject to the CA$100,000 fine.
Who should report.
Generally speaking, the organization that is in control of the personal information involved in the breach must report the breach to the OPC.
For additional information see our Cyber Insurance coverage or contact us for a personal review.