Cyber security is now the top concern for senior executives with Canada’s financial institutions, according to a new survey conducted by the Global Risk Institute.
But not only do organizations need to worry about the damages sustained by a hack or breach, but they now also need to contend with new customer notification requirements as mandated by federal law.
“As part of the Digital Privacy Act amendment to PIPEDA, the Canadian government now insists that companies holding personally indemnifying information are required to notify customers in the event of a breach,” said Derrick Hughes, vice president, The Boiler Inspection and Insurance Company of Canada (HSB BI&I).
Hughes considers this legislation, which borrows many of its elements from legislation that has proven effective in various U.S. states, long overdue. Now that it is in effect, however, brokers can capitalize upon the opportunity it provides to sell related cyber coverage to commercial clients.
“When you look at some of the components of some of the cyber coverages that are out there, the breach notification piece or data compromise piece is key to ensuring that appropriate cyber insurance is in place,” he said.
The policies help to cover expenses for such subsequent actions as identifying the cause of the breach, quantifying the number of affected individuals and initiating a proper procedure to notify consumers.
Small to medium sized businesses are especially in need of an appropriate coverage option.
“There are data compromise products that specifically target small businesses, who are particularly vulnerable to data compromises and breaches since they don’t always have the same robust protection as large organizations do,” he said. “As a soft target for hackers, they need protection and case management services to protect their insureds.”
Brokers can also point to supplemental benefits of data compromise policies, such as its ability to mitigate some of the damaging PR that often accompanies a cyberattack.
“It is a reputation risk if you have a hack and are compelled to notify customers that their personally indemnifying information may have been inadvertently released or stolen, but hopefully they will see the goodwill that’s been extended to them and will stay with you over time, despite the event,” Hughes said.
