Left Navigation

Cyber Liability - Risk Management


Cyber Liability - Risk Management

​According to an Insurance Information Institute Report, in 2013, 84% of all records exposed by data breaches in the United States belonged to businesses.


Cyber losses are extremely costly. Just one stolen laptop that contains personal and confidential data can cost a business an average of USD $39,000. According to research by Ponemon Institute, this cost includes the laptop and stored data, as well as damage related to criminal use of stolen data.2 With 91% of U.S. companies dealing with tablet and laptop thefts and/or losses, according to IDC research, data breaches are a widespread concern.

As viruses, data leaks and cyber attacks become more commonplace, Canadian insurers are developing coverage options to help businesses manage critical liability risks. With hidden vulnerabilities coming to light only after a successful attack, standard best practices for cyber risk management are developing.

Considerations for Mitigating Cyber Risks​

Recognizing the damaging consequences of cyber-related threats, Canada’s Office of the Superintendent of Financial Institutions (OSFI) issued a 2013 memorandum that outlines key lines of defence. 

While identifying and mitigating cyber risk is an evolving process, OSFI suggests that the following actions may be helpful when assessing your business’s cyber exposures:

  • Establish a senior management governance group to set organizational policies, risk management procedures, audits and external benchmarking protocols.
  • Integrate cyber security into your organization with financial resources, experienced employees, and assigned roles and responsibilities. 
  • Implement a schedule for regular security tests and corrective control measures.
  • Document your data infrastructure. Include all networks, software, hardware, data devices and electronic assets. Schedule an inventory review so any losses can be quickly identified.
  • Use current software tools, policies and procedures to prevent the unauthorized distribution of data. Data monitoring tools such as anti-virus software and firewalls can help to identify threats and manage exposures.
  • Create an incident report to track details of a security breach and response and mitigation activities, as well as internal and external communications. 
Ask your insurance representative about the newest risk management best practices for your industry.  ​

Cyber Risks: The Growing Threat ​​​Articlesbase.comLaptop Theft Nearly Universal in EnterprisesOSFI Releases Memorandum Regarding Cyber Security