.jpg)
Small businesses in Canada represent a fertile ground for brokers selling cyber-insurance.
A recent survey of 520 small, medium and large Canadian businesses indicates that larger companies are somewhat better-prepared for a cyber-attack than medium and smaller businesses.
Overall, 69% reported some kind of attack within a 12-month period. The survey canvassed businesses in the finance, airline, shipping, telecommunications, utilities, aerospace, defence and retail sectors
“The majority of respondents (64%) say that senior management takes cyber-crime threats seriously,” according to the International Cyber Security Protection Alliance (ICSPA) survey, sponsored by Above Security, BlackBerry, CGI Group Inc., Lockheed Martin and McAfee Inc.
“However, there are considerable gaps in Canadian businesses’ preparedness against cyber-crime.
“Large businesses are somewhat better prepared than medium and small ones, but still much remains to be done to prevent and deal with such attacks.”
For small businesses in Canada, protecting against cyber-risk is partly going to come down to cost. The premium for an insurance policy that offers $1-million worth of cyber-liability protection might be a “drop in the bucket” for larger organizations, but this represents a substantial outlay for a smaller organization, brokers say.
A full standalone policy would cover off damage to the company systems and lost revenue, for example. Investigation costs are expected to be introduced as the standalone product becomes more generic.
Smaller businesses have options in terms of obtaining insurance coverage.
For example, E&O insurers bake small bits of cyber-liability into their policies. Also, some cyber protection is offered in CGL policies.
“If you look at the policies, and some of the riders you can get on them, you can get the cyber risk – or parts of it,” said Robert Harrison of Martin Merry & Reid Ltd.
Small businesses can also be flexible in terms of establishing a sound risk management regime to reduce cyber liability.
“In discussing that kind of liability with a small business, they are in a better position to think about the checks and balances of how they go about their electronic commerce than is a larger business,” said Harrison. “A properly managed set-up process will reduce your cost of insurance, full stop.”
Small businesses have a natural advantage over larger companies in that they have fewer points of entry for cyber hacks to occur, for example. They have less data to be stolen. Plus, it is less complicated for them to narrow their electronic gateway to hackers (i.e. large companies may have several thousand electronic inquiries to manage on their systems each day, whereas small businesses may have a few hundred daily inquiries or fewer).
Brokers can ultimately take advantage of the fact that very few small business owners are schooled or trained to think about cyber protection, Harrison said.
“As far as I can tell, small business school doesn’t teach proper risk management when you set it up,” he said. “All they talk about is: identify a product, identify a target market, organize your materials, get your supply chain in order, and go. They don’t talk about the risk of somebody getting to your product, the risk of somebody getting to your client.”
