Over the last few years, cyber attacks have been frequently been appearing in the news. Recent high-profile cases include Indigo Books & Music, Sobeys parent company Empire Co. Ltd, and Barrick Gold Corp. While large companies may seem like common targets for cyber criminals, small and medium-sized businesses (SMEs) are also at risk—even if they’re less likely to make the headlines.
As cyber threats continue to evolve, SMEs need to know more about cyber resilience and think about whether cyber insurance is right for them. Cyber insurance can help protect businesses against losses related to personal data security breaches, cyber extortion, technology disruptions and more. As most property or liability policies don’t expressly cover cyber risks, or have very limited coverage, you may want to consider getting a stand-alone cyber insurance policy for your business, along with taking preventative measures.
IBC has been supporting businesses’ efforts to increase their cyber resilience and to understand risk mitigation measures such as cyber insurance through its annual Cyber Savvy public education campaign. This year, the campaign features a self-assessment tool for SME owners considering a cyber insurance policy. This 10-question assessment can help business owners learn about the cyber security protocols and best practices that most cyber insurers look for when assessing risk and poses some of the questions that cyber insurers may ask during the application process.
For example, owners will be asked to consider:
Their cyber risk,
If they collect and store customers’ personal information
What security procedures they have in place, and
How frequently their employees receive cyber safety training.
These questions are similar in nature to what a business owner might see on a cyber insurance application. Depending on the answers, the questions will direct users to appropriate cyber resources for more information. Some businesses may find that they’re ready to apply for cyber insurance while others may need to work on improving their risk profile. It is important to note that this free tool cannot provide an actual risk assessment for SMEs, but it can help gauge the level of readiness for cyber insurance and help determine which areas businesses may need to focus on to bolster their cyber resilience.
The 2023 Cyber Savvy campaign also includes new research on small business owners’ cyber awareness, building on the previous year’s research, which focused on educating employees on cyber hygiene. The cyber insurance self-assessment tool, 2023 research, and other resources including information from the Canadian Centre for Cyber Security are available at www.cybersavvycanada.ca.
All businesses and organizations, but especially those that rely heavily on an online presence and use e-commerce, should consider contacting their insurance representative to make sure they have the right coverage for their organization to help reduce their risk from cyberattacks. However, cyber insurance is just one component of an overall cyber risk mitigation strategy – it is not a replacement for cyber resilience.
If you have a question about cyber insurance, phone IBC’s Consumer Information Centre at 1-844-2ask-IBC (1-844-227-5422)
