Cyber insurance is today’s hot product. As more and more data breaches are reported in the news, businesses are starting to wise up to the fact that their intangible assets are just as valuable, if not more valuable, than their tangible ones. While cyber security awareness slowly picks up in Canada, the number of commercial entities purchasing cyber insurance is also on the rise.
“We’ve definitely seen more interest in cyber insurance over the past 12 months,” said Kyle Gray, director of underwriting at Ridge Canada, and moderator of Insurance Business Canada’s upcoming ‘Selling cyber insurance in 2018’ webinar.
“The increase is partly due to mass media coverage of cyber events, but it’s also down to the heightened frequency of claims and incidents,” he added. “People are starting to understand that cyber criminals are no longer just targeting large data-heavy companies; they’re looking to disrupt any business from any sector with a vulnerability they can target in return for a ransom.”
Despite cyber risk becoming ever more inclusive, there are a number of key industry sectors where cyber insurance is a vital purchase. Healthcare is a prime example of an industry that needs cyber insurance, according to Gray, because of the amount of sensitive, personal information being collected and held. Other sectors where cyber insurance purchase behaviour is picking up include: municipalities, professional service industries and the manufacturing sector.
Traditionally, cyber insurance has been deemed a bit of a hard sell among smaller businesses – a trend that rings true in Canada and the rest of the world. But in the past year, Gray claims to have seen an uptick in purchase behaviour among smaller commercial clients, which he attributes partly to the “availability and affordability of cyber insurance policies.”
“Today, a fairly small business with non-personal information-heavy records is able to get $1 million of coverage for about $1,000 per year. I think they’re starting to realize that cyber insurance is affordable and it’s worth the cost to mitigate any potential disruption,” he told Insurance Business.
Another factor helping to generate interest and awareness around cyber security and risk transfer is the heightened regulatory scrutiny around the world. On November 01, mandatory breach notification regulations will come into force in Canada under the Personal Information Protection and Electronic Documents Act (PIPEDA). This means that all Canadian companies will have to pay extra attention to safeguarding the personal data they collect and retain.
“In my experience through events like conferences and meetings, it seems like business owners in Canada aren’t completely aware of the changes that are ongoing under PIPEDA,” Gray commented. “Some business owners aren’t even aware of the existing legislation, let alone the upcoming changes and how they will impact them.
“Insurance brokers can play a part in educating their clients about regulatory changes, but I wouldn’t say the responsibility rests solely on their shoulders. The government has provided lots of information and guidance online around how to make businesses more cyber secure and how to abide by the upcoming legislation. I think business owners need to take a bit more of a vested interest in these types of things and be aware of the changes that might impact their business operations.”
Hear more from Gray and a top panel of cyber security experts in the exclusive ‘Selling cyber insurance in 2018’ webinar, which is taking place on October 04 at 2pm ET.