It works like a credit check for a company’s cybersecurity risk and the arrival of Canada’s Digital Privacy Act has made it an increasingly popular metric: FICO’s Enterprise Security Score, the three digit quantifier based on public data and a company’s individual risk profile, is attempting to become the industry standard for determining clients’ cyber risk.
“We’re getting a lot more interest in the Canadian market, specifically with the changes in the privacy law,” Kevin Deveau, head of FICO Canada said. “Organizations in Canada will have to disclose specific risks and also they need to disclose in their annual reports what they’re doing to counter cyber risk – so we’re definitely getting a lot more interest in the Canadian market, there’s an uptick, there’s no question.”
Cyber risk experts say smaller companies are becoming more of a target, especially through social engineering attacks where hackers impersonate a CEO via email and ask for sensitive data. As a result, the Enterprise Security Score has a price geared-to-size structure, so smaller companies pay lower prices.
Want the latest insurance industry news first? Sign up for our completely free newsletter service now.
“Some of the small or mid-sized companies we’re speaking with, they’re getting more and more into the digital space as well,” Deveau said. “A lot of stores recently are shutting their bricks and mortar stores down and going strictly to digital distribution and that’s going to expose them even more.
“There’s more information in the market now, there’s more publicity about cyber threat and cyber breaches. You speak with a large company or a small company and everybody is getting more into the digital world with devices and smart phones – and that means they’re exposed to the same breaches as a bigger company.”
Willis Towers Watson lifts off cyber product for global airlines
Canada’s new MGA O2 Insurance sheds light on future plans