Did you know?
- 18% of Canadian SMEs and 42% of companies with 100 to 499 employees experienced at least one computer data theft between 2017 and 2019.1
- 37% of SMEs that fell victim to a cyber attack estimate that the extent of damages was $100,000 or more.2
- Only 21% of companies have cyber risk insurance policies, while 50% of companies believe they are vulnerable to a cyber attack.3
- 60% of SMEs that fell victim to a cyber incident closed their doors within 6 months of the cyber attack.4
- In 2018, cybercrime was the second main concern of all businesses, globally.5
- In 2016, the average financial cost of a cyber attack was estimated at over $900,000.6
- Globally, companies had to pay more than $450 billion as a result of cyber attacks in 2016.7
- In 2019, 58% of cyber attack victims were SMEs.8
- 44% of companies do not have cyber risk defense systems or policies in place while over 56% of companies confirm that they handle confidential computer data on a regular basis.9
- Canadians visit more websites and spend more time online than residents of any other country. They visit an average of 80 websites per month and spend 36.3 hours online each month.10
Frequently asked questions
What is cybercrime?
Cybercrime can take many forms of varying degrees of severity. Cyber criminals are innovative, bold, and creative when it comes to sophisticated malicious acts that endanger the privacy of your company's computer data. Here are a few common examples:
- Computer worms, viruses or Trojan horses that give cyber criminals access to your confidential data.
- Phishing emails or fake internet links.
- Cyber extortion and ransom demands to recover the operating systems or data that was taken hostage.
- DDoS attacks which can block your web server, denying access to your data.
Am I a potential cybercrime victim?
Whether you are a company that uses the internet or computer software as a data storage tool, or you collect confidential or sensitive computer data (from your customers, employees, or business partners), or if even just a portion of your operations are automated, you are certainly a potential target for cybercrime. Unfortunately, no company or individual is immune from a cyber attack, hacking, or data theft that could have significant financial consequences for you and your customers. Cyber criminals attack small, medium, and large-sized businesses alike.
How would cybercrime affect my business?
In the aftermath of a cyber attack, even a temporary disruption in your operations could affect your customers’ trust, leaving a lasting impact on their loyalty towards your business. The negative impact on your company's reputation could be huge and could last for months or even years, causing a significant drop in your turnover that could jeopardize the very survival of your business. According to Intact Insurance, the statistics are clear on this topic: without adequate coverage, 60% of businesses will close their doors within 6 months of a cyber attack.4
What is cyber risk insurance?
Cyber risk insurance was designed to cover financial damages caused by a cyber incident that affects computer data or exploits gaps in the information technology systems used by the business to store and protect its data. Cyber risk insurance is complementary to your property and liability insurance, since risks that affect computer data are typically excluded from other primary insurance policies.
Who is cyber risk insurance for?
Today, businesses increasingly rely on IT and the internet to reach a larger customer base. Your business model has undoubtedly changed in recent years, with the explosion of IT resources and platforms that make life easier for businesses and consumers alike. The potential impact of a cyber incident is therefore becoming a growing concern for every business, regardless of its size. As a business owner, you are responsible for the security and privacy of your customers’ and employees’ personal information. Cyber risk insurance is therefore essential for any business that uses, hosts, or stores confidential, personal, or sensitive data.
Cyber risk insurance coverage
Cyber risk insurance can be tailored to meet your needs. Let us help you assess your business’ risk level, identify the coverage that would apply to your daily operations, and suggest the correct indemnity limits for each type of coverage. We can approach various specialized insurers for products that are best suited to meet your specific needs. Cyber risk insurance typically includes two sections with different coverage elements. The first section covers damage caused to the insured as a result of a cyber event. This section may contain up to 4 elements of coverage, namely:
Crisis management costs, such as costs relating to:
- Finding and hiring the experts and forensic specialists required to identify the breach and to secure the systems and software in real time.
- Looking for, identifying, and notifying all of the individuals (clients, business partners and employees) affected by the security breach.
- Finding and hiring public relations experts if the company's reputation is affected and needs to be restored.
Cyber extortion costs, in particular, the costs incurred by:
- The management of the extortion or ransom demand received from cyber criminals.
- The minimization of the threat of various subsequent cyber events by the same cyber criminals.
Damage to the computer systems, such as costs related to:
- The repair or replacement of computer applications and software.
- The search, recovery, and complete restoration of lost or stolen computer data following a breach.
Business interruption resulting from a cyber incident, either:
- The loss of income and/or additional expenses incurred by the interruption of the insured's daily operations.
- The cost of restoring your business’ reputation.
The second section offers coverage for damages caused to third parties as a result of a cyber incident that affected your business. It can contain up to 3 elements of coverage, in particular:
- Network security and the resulting civil liability, for example, the reimbursement of damages owed to third parties who have been subsequent victims of the data theft itself or whose own systems were affected by a virus transmission originating from your system or network.
- The payment of certain penalties, sanctions or fines as imposed by a regulatory body following a security breach that affected the data of third parties.
- Media liability, including the assumption of legal costs resulting from defamation, the violation of a third party’s confidential data or intellectual property.
1 According to 2019 data from the Insurance Bureau of Canada.
2 According to 2019 data from the Insurance Bureau of Canada.
3 According to a survey conducted by the Insurance Bureau of Canada in 2019, in partnership with Léger.
4 According to Intact Insurance Company of Canada.
5 According to Allianz, an international insurer.
6 According to the PWC’s 2016 Global Economic Crime Survey, reported by The National Post.
7 According to the PWC’s 2016 Global Economic Crime Survey, reported by The National Post.
8 According to the 2019 Verizon Data Breach Investigations Report, reported by CFC Underwriting Ltd.
9 According to the Insurance Bureau of Canada.
10 According to ComScore Canada.