Research organizations have detected malicious activity, though the perpetrators have yet to be identified
Our Cyber Insurance Tool allows you to pick the policy that's right for you by comparing every plan offered by Canada's leading insurance providers. Have questions? Our Frequently Asked Questions can help you learn more about Cyber, and decide which product you should be looking for.
Compare Cyber Insurance Policies
Frequently Asked Questions(click to expand)
What is Cyber Insurance?
Cyber Insurance provides protection and coverage for the security and privacy of digital information, or data.
As soon as companies began storing sensitive information online, the need for cyber insurance was born. After all, if a business has valuable data stored on the internet, there is bound to be someone else looking to profit by stealing it. Addresses, social insurance numbers, and bank details can all be at risk once they’re stored electronically, and if you’ve ever bought anything online or backed up anything onto the cloud you’re well aware of the risks involved in a security breach.
Having cyber liability — and more importantly, having the right risk coverage for you or your company — is essential for modern day businesses and individuals.
Why do people need Cyber Insurance?
The need for Cyber insurance arose during the 1990s with the growth of internet businesses storing large amounts of personal data such as addresses, social insurance numbers and bank details. As the data grew, so did the need for securing it. Hackers were soon able to gain illegal entry to online databases and commit Cyber crimes by stealing the information they were able to access.
Who needs Cyber Insurance?
Now that most individuals and organizations store their data electronically, Cyber risks are higher than ever.Whether you have been online shopping, stored data in the cloud, created an online account or entered personal information into a database you are at risk of a Cyber threat.
Do large companies need Cyber insurance?
Large organizations and businesses are traditionally the primary targets of data breaches. Since they typically store large amounts of confidential or sensitive information, it can only take one hack for a criminal to gain unauthorized access to a wealth of data.
The larger the company is, however, the more complicated this data can be to insure, and some companies are unable to truly quantify the potential cost of a Cyber attack to their business. This can lead to companies under-declaring assets, information, potential threats or disclosing aspects of certain data.
Additionally, companies may not be able to declare certain data for confidential reasons, making it harder to insure, which lead to greater costs down the line if these areas are not covered adequately in the event of an attack.
If a large business does not take care to estimate the potential extent of damage caused by a Cyber threat, it can not only cause a massive financial loss but also run the risk of damaging the company brand or reputation.
Do small businesses and healthcare organizations need Cyber insurance?
While hackers mainly target large businesses, smaller companies and healthcare organizations have also seen a rise of attacks as their databases contain a wealth of personal data regarding the details of their clients and patients.
A smaller business is less likely to spend more money on security controls and encryption than a larger business, which may make them easier to hack.
No matter the size, an organization can be in possession of large amounts of confidential data. In fact, there has been a notable increase in reports where unsuspecting businesses have become victims of Cyber crime due to being underprepared, for example by not securing data and IT systems properly.
As smaller business and healthcare organizations are more vulnerable, they need to make sure they have not only tighter security controls but also sufficient Cyber insurance coverage, anticipating a worst case scenario. If a smaller business isn’t sufficiently covered, the recovery costs could be extremely high. The damage to a smaller company’s reputation could also prove deeper still, affecting the strength of running a business in the long run.
Do individuals need Cyber insurance?
Anyone who uses online services is potentially at risk of a Cyber crime. Whether you go shopping online, have a mobile banking app, or work from home, Cyber risks lurk everywhere. While insuring all your personal data might seem excessive, consider the value of some of the information you’re sharing online.
On a day to day basis it might not seem necessary to take out a specific insurance policy for personal Cyber coverage, however it is worth checking to see whether general home and contents insurance packages contain a Cyber add-on or extension. This could be useful if you use a personal computer or laptop, a mobile device, or work from home. By storing and transmitting personal information you can be just as much at risk of having your personal data as a small business with poor security controls.
High net-worth individuals may also want to consider a tailored Cyber package customized to their specific needs. As potential targets of Cyber-extortion and Cyber-bullying, there are insurance products emerging which take these emerging risks into consideration.
When do Cyber risks occur?
Cyber risks happen when data is not stored securely or is hacked into. There can be a Cyber security breach if secure information is not password protected, passwords are easily guessable, security firewalls are inadequate or if a virus is introduced into a piece of software. By insuring Cyber risks you are protecting yourself against the costs incurred when restoring or rescuing data, any financial loss (including loss of earnings), company reputation or repairs to damaged systems.
What kinds of Cyber risks are there?
Just as "Cyber" can be used as an umbrella term, "Cyber risks" can refer to several different types of risk areas. While there are many insurance companies that offer Cyber policies, it is important to make sure that the insurance policy covers all of the risk areas that are relevant to the client.
What is a Data Breach?
A data breach is when personal, protected, confidential or sensitive data is viewed, stolen or corrupted by an unauthorized user. By accessing personal information such as financial details, personal health information (PHI), personally identifiable information (PII), trade secrets or intellectual property, hackers can cause a substantial amount of damage, leading to a major business interruption. Business operations could be halted or delayed whilst the affected information is identified, recovered and encrypted. This is also known as an ‘unintentional information disclosure’, a ‘data leak’ or ‘data spill’.
What is Identity Theft?
Identity theft is when personal information, such as a bank account or credit card details, is stolen or copied, potentially resulting in financial loss if funds are taken illegally. Personal information can also be used for other fraudulent activities such as benefit fraud, people trafficking, drug trafficking, money laundering and other Cyber crimes. Identity theft can also cause potential difficulties in the future when applying for things such as loans, credit cards or a mortgage.
What is Phishing?
Phishing is a type of scam, usually via e-mail, that attempts to trick people into disclosing personal information, such as addresses and banking details. Spoof e-mails often disguise themselves as known or recognisable companies (eg banking providers, retailers, social media or governmental bodies) requesting users to confirm or disclose personal information. By falling prey to scammers it is possible to become the victim of identity theft resulting in the loss of control of an email address or bank account. This may also result in any stored data being wiped, corrupted or altered, as well as the loss of other personal and sensitive information.
What is a Virus?
A virus is malicious software that can be accidentally or deliberately installed onto a computer either through downloading a suspicious attachment, opening a suspicious email or opening a corrupted file. Malware, adware, trojan horses, keyloggers, rootkits and computer worms are all types of virus or malicious software which can infect, corrupt and damage computer systems and networks. Identifying, controlling, and erasing the virus can be very time consuming and expensive, especially if repairs are needed to recover contaminated data.
What is Spyware?
Spyware is a specific type of virus that records, views or interferes with another user’s software. As well as accessing sensitive information it can also transmit, redirect or track browser journeys and personal information. Spyware can also introduce the installation of additional software as well as redirecting web browser activity that can be tracked by advertisers or other third-parties.
What type of Cyber Insurance do I need?
Because no two Cyber insurance products are alike, it is important to understand exactly what kind of Cyber risks affect you, as well as what sort of Cyber liability coverage is offered, and what else a Cyber insurance policy can include.
Determining what sort of Cyber coverage is right for you or your organization will depend on whether you are insuring a large organization, a small business, or an individual. It is important to understand the differences between the types of Cyber insurance offered, otherwise you could be missing an essential risk area or wind up paying for unnecessary coverage.
Do I need a stand-alone Cyber Insurance Policy?
As more specialty insurance providers are responding to the demand and emerging trends regarding Cyber, the range of Cyber packages on offer is growing. As there are many types of Cyber risk, however, it is unlikely that you will find an insurance company offering multiple standalone Cyber insurance products.
Depending on how an insurance company organizes its listings you are likely to find individual Cyber products listed as specialty insurance, errors and omissions insurance, multimedia liability insurance, or technology and professional services insurance.
The benefit of purchasing an individual Cyber liability product is that Cyber will be the main area of the policy. This is advantageous because it will focus more on the specific Cyber risk areas that could affect you -- it would be unwise to include coverage for a data breach under a Cyber policy, for example, without also having coverage for viruses and malware that may have been introduced once illegal access had been gained.
A stand-alone Cyber insurance policy is recommended for businesses or organizations that store large amounts of confidential, personal or sensitive data. Companies that deal in e-commerce, as well as healthcare organizations, franchises, retailers, financial institutions and internet service providers would benefit the most from specialty Cyber insurance products, as they are more likely to need coverage for multiple Cyber risks than being adequately covered by a Cyber extension of another insurance product.
Should I purchase a Cyber Insurance Extension?
Some insurance companies offer all-inclusive or comprehensive insurance policies: One package that spans several different risk areas. Sometimes known as an addition or an add-on, an extension policy allows you to add coverage areas alongside the primary focus of the plan.
If your Cyber risks are limited or not as crucial as other risk areas then a Cyber add-on extension might be the right option. Small businesses with small databases, private healthcare organizations, home-businesses and high-net worth individuals may benefit from purchasing an extension on an existing policy or as an add-on to a comprehensive product.
This way, general Cyber risks such as data breaches and malware are covered as part of Business Interruption, Professional Liability, Errors and Omissions, Home and Crime products.
Other specialty insurance products may also include a Cyber add-on, and if there is a Cyber element related to the business or operations, a Cyber extension may be possible. However it is still important to check the details of exactly what is included in the extension. There is no point adding on Cyber coverage if it doesn’t include risk areas that are relevant to you.
An extension or add-on may only contain general Cyber risk areas and have smaller sub-limits of coverage that may not be enough for the needs of a business or individual.
Above all, it is important to be just as thorough with additional coverage as it is with a main policy, as it could be just as costly to assume you have relevant coverage as if you had none at all.
What else can a Cyber Insurance policy offer?
- Business Interruption
- Financial Losses and Loss of Earnings
- Privacy Liability
- First and Third Party Notification Costs
- Multimedia Liability
- Technology Errors and Omissions
- Court Attendance Costs and other Legal Expenses
Cyber products may also cover areas including Professional Liability, Defamation, Ransoms, claims regarding Intellectual Property rights, and Breakdown of Equipment and Machinery. If you are running a business or insuring personal data, any consequence of a Cyber attack can also be considered. Events such as these do not exist in a vacuum, and they can snowball into more catastrophic events, escalating damages even further.
What isn't covered by Cyber Insurance?
As with most insurance policies there may be a series of exclusions that are not included as part of the coverage. As each product is unique to the company offering it, it is important to check what is not included in case this is a specific risk area you are trying to protect. Some of the more frequent exclusions relevant to Cyber insurance policies include:
- intentional or deliberate acts
- illegal activities
- Privacy Liability
- outdated anti-virus software
- certain types of websites (adult entertainment, gambling, and sales of firearms or weaponry)
How much does Cyber Insurance cost?
Whether you are a large business or an individual, buying comprehensive Cyber insurance coverage or adding it on as an extension, the price of a Cyber insurance policy is going to differ from company to company.
These prices can change depending on whether you have been hacked, unsure whether you’ve been hacked, or if you are anticipating a potential hack.
What will my Cyber cover pay for?
Depending on the scope of your coverage, any premium rate quote, plus any potential deductibles or excesses, will be quantified accordingly. The limits of Cyber coverage can reach as high as $100m if you are operating a large business with several high risk areas. However the coverage will cover the costs and damages affected by the Cyber attack, including:
- investigation costs
- system repairs
- security updates
- legal fees
- customer notifications
- fines and damages
- PR and damage limitation to company or brand
How much is a Cyber Add-On?
An add-on to a pre-existing policy may be more expensive than if you buy a comprehensive policy that already includes a Cyber extension. Check the existing terms and conditions of your policy if it is something you are adding to at a later date. Otherwise, contacting an underwriter will help you assess how much an additional coverage will cost you.
If Cyber is not the main focus of your policy then a sub-limit amount will be quoted, as well as specifying certain, but most likely restricted, coverage areas and by up to how much.
As some insurance companies truly specialize in Cyber, rather than those either branching out or adding it to their historic products, it is worth shopping around to see who offers the best rates for the risk areas particular to you.
We spoke to Michael Loeters, Senior Vice-President at PROLINK, about the big issues when it comes to selling Cyber Insurance.
Video transcript available via Insurr.com.