Cyber Insurance

Cyber Insurance: Here's what you need to know

Imagine keeping all of your valuable belongings in your home, then hiding the key under the front-door mat when you go away on vacation. Doing the bare minimum to protect your assets would likely be unthinkable.

Leaving your business's data – perhaps its most valuable asset – vulnerable to theft should be just as unthinkable. You need to do everything you can to protect it.

With the increased number of Canadians working from home, and a dramatic surge in online business activities, organizations are facing an elevated risk of cyberattacks. Criminals are attempting to take advantage of the pandemic and targeting commercial enterprises.

It's critical to do as much as possible to protect your business' assets, while being prepared for the worst case scenario.

Cyber Insurance

Speciality insurance coverage for cyber risks is relatively new and continually evolving. Speak to your insurance representative to find out what coverage might work best for you to reduce your cyber risk.

Cyber insurance can cover a range of cyber events, including:

  • Data confidentiality breaches: The loss of and/or unauthorized access to or disclosure of confidential or personal information;
  • Cyber extortion: A demand for payment under threat of causing harm to your data; for example, disabling your operations or compromising your confidential data; and
  • Technology disruptions: A technology failure or denial-of-service attack.

Cyber insurance can help businesses cover a number of costs resulting from these events, including:

  • Legal and civil damages: Paying for legal representation and possible damages related to a privacy or network security breach;
  • Security breach remediation and notification expenses: Notifying affected parties and mitigating potential harm from a privacy breach, such as providing free credit monitoring;
  • Forensic investigations expenses: Hiring a firm to investigate the root cause and scope of the data breach; and
  • Computer program and electronic data restoration expenses: Restoring or recovering damaged or corrupted data caused by a breach, denial-of-service attack or ransomware. 


Cyber insurance products are provided in one of three ways:

  1. Stand-alone cyber insurance policies (policies specifically for cyber risks) are the most common cyber policies in Canada, the United States and Europe.
  2. A traditional property and liability insurance policy may include coverage for cyber events. These policies typically have very low limits that would not cover the full cost of a breach or cyber attack.
  3. Endorsements (also known as riders) can add, remove or exclude certain cyber coverages, altering a cyber or traditional insurance policy to meet specific needs.

Unlike stand-alone cyber insurance, which clearly defines the parameters of cyber coverage, as noted above, many traditional policies do not specifically refer to cyber risks. If your business is vulnerable to cyber risks, don't rely on a traditional commercial policy. Talk to your insurance representative about what kind of insurance solution best suits your needs.

Speak to your insurance representative to make sure you have the right cyber coverage for your business.

Six questions to consider when buying cyber insurance

  1. How many records containing personal information does your organization retain or have access to?
  2. How many records containing sensitive commercial information does your organization retain or have access to?
  3. What security controls can you put in place to reduce the risk of having your system compromised?
  4. Do all portable media and computing devices need to be encrypted?
  5. Is unencrypted media in the care, custody or control of your third-party service providers?
  6. Could you make a claim if you were unable to detect an intrusion until several months or years had passed?

Cyber insurance cost and availability

Specialty insurance coverage for cyber risks is relatively new and continually evolving. While the need for cyber insurance has increased in recent years, the frequency and severity of claims have increased at a faster rate. Data from MSA Research shows that over the past three years, insurers paid out $2.30 in claims and operating expenses for every dollar they earned in premiums. Consequently, some business owners may experience challenges when trying to secure adequate or affordable cyber insurance. Speak to your insurance representative to find the coverage you need to reduce your cyber risk.