As cyber security risks are increasingly at the forefront, businesses large and small must remain constantly proactive against attacks – including the White House. U.S. President Obama recently issued an “attack plan” against cyber hacks, warning of a “revolution” of computer threats and growing cyber aggression from nations such as Russia and North Korea, and terrorist organizations such as the Islamic State.
Said Lisa Monaco, Obama's homeland security at a New York cybersecurity conference, "To put it bluntly, we are in the midst of a revolution of the cyber threat — one that is growing more persistent, more diverse, more frequent and more dangerous every day. Unless we act together — government, industry, and citizens — we risk a world where malicious cyber activity could threaten our security and prosperity. That is not a future we should accept."
While the average Canadian business likely isn’t facing a malicious politically-motivated attack, it’s still vital that they are protected against potential privacy and data breaches says Lynn Blanc, technical lead of Technology Insurance at Encon – and it’s up to brokers to ensure they’re asking the right coverage questions.
“From a cyber perspective, they should be asking them questions as to how well prepared they are, do they have a response system in place in case there’s a breach? Do they regularly upgrade their security software?” she says. “Do they store large amounts of private information? Do they have a backup system in place that stores it via a separate server? These are questions that brokers would ask, and we do ask.”
She adds that it’s also important for businesses to know what to do in order to trigger their coverage, should they be the victim of a breach or attack.
“We have what you’d call a cyber breach coach that they would contact, who is essentially an expert – in our case, it’s a legal firm – to help them with ways to handle the breach. They might hire a forensic expert or computer consultant to investigate the breach. They would do that first and then notify us,” she says.
“That breach coach would also help them notify their clients, which laws they need to adhere to; if they’re doing business in the U.S., there are different breach laws all across the U.S. You need to know that, and not many people do. Remediation is the first step, even before a claim occurs, to protect themselves and the client. An insurer would have a breach coach or claims analyst to help them proceed with that.”
Customers were target of 4,000 state-sponsored cyber attacks monthly
Cyber insurance “pays off”: University of Calgary