New cyber reporting regulations mean reviewing devices: Trisura

New cyber reporting regulations mean reviewing devices: Trisura | Insurance Business Canada

New cyber reporting regulations mean reviewing devices: Trisura
One insurer is asking its clients in all industries and of all sizes to review their mobile devices and software security systems in light of an increasingly tougher regulatory landscape.

Companies will face more stringent requirements for reporting hacks, better secure health information and face harsher penalties for poor record keeping.

Learn more about cyber insurance here.

Trisura Insurance said these changes, coming from the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Office of the Privacy Commissioner of Canada, “create a need for applicable insurance options.”

The reviewed regulations bring Canada’s standards more closely in line with what companies are required to comply with south of the border.

“Clients both big and small should conduct an audit of their existing cybersecurity position, including an evaluation of who and what is connected to their systems and networks, what is running on their systems and networks and whether they have technology in place to prevent, detect and deal with most breaches,” Michael Kalakauskas, the senior underwriter in Trisura’s specialty insurance department said.

“These organizations should also consult cyber experts regularly if they do introduce new devices to their businesses or personal lives.”

Kalakauskas noted Internet of Things devices like wireless webcams, routers and smart home security gadgets are connected to networks and people, connections that could have vulnerabilities and are worth examining.

These measures are notably important in Canada now, given provincial and federal governments are beefing up cyber safety rules.

“Likewise, companies should make sure their employees are taking good care of their devices,” Kalakauskas advised.

Another legal adjustment affecting the cyber insurance market in Canada includes reworking statutory offenses, something Kalakauskas believes will drive up class action lawsuits and calls “an unfortunate certainty.”
Canada’s anti-spam laws and the Bank Act are also set for revisions.
“(This year) should be a very interesting year from a cyber regulatory standpoint. In Canada, data protection and cybersecurity are governed by an intricate legal and regulatory framework and this framework is constantly evolving,” Kalakauskas said. 

Related stories: