expert ’ s corner
management framework . However , it is impossible to reduce cyber risk to zero , as deliberate malicious acts by an employee or key vendor are difficult to completely prevent . Cyber insurance is a prudent risk mitigation tool that can protect your organization . In the event of a breach , cyber insurance can provide the financial assistance you will need to keep operating , address the breach and defend against lawsuits .
WHAT DOES CYBER INSURANCE COVER ?
Cyber insurance is a highly unique form of coverage because it can cover expenses incurred to address a breach , as well as provide the legal defence you need to respond to a lawsuit . The forms of coverage available are as follows :
First Party Coverage ( i . e ., coverage for your costs and expenses incurred ) 1 . Privacy Breach Remediation , Response and Notification Expenses : Covers fees , costs or expenses incurred by the policyholder for the following : a . Determining the persons whose information was accessed without their authorization and the communications required to notify them ; b . Credit monitoring services to those affected ; c . Compliance with any security breach notification laws .
2 . Digital Asset Restoration Expenses : Covers the costs or expenses incurred by the policyholder to restore , replace or reproduce damaged or destroyed computer programs , software or other electronic data .
3 . Business Interruption Loss : Covers your loss of business income and the extra expense you incur directly resulting from a disruption to your computer system .
4 . E-Commerce Extortion Threat : Covers the costs incurred by the policyholder resulting from threats made to you by an individual or entity other than an employee , expressing an intention to : a . Cause the policyholder to transfer or pay any funds using a computer system without your authorization ; b . Sell or disclose confidential information about a customer of the policyholder ; c . Alter , damage , or destroy any computer program , software or electronic data that is stored on the policyholder ’ s computer system .
5 . Computer and Funds Transfer Fraud : Covers the policyholder ’ s loss of money or securities resulting from : a . An intentional , unauthorized and fraudulent instruction transmitted to a financial institution ; b . An intentional , unauthorized and fraudulent entry of data or computer instructions .
INSURANCE IS OFTEN THE STOPGAP REQUIRED TO PREVENT A SMALLER COMPANY FROM CEASING OPERATIONS AS A RESULT OF THE FINANCIAL LOSSES INCURRED AS A RESULT OF A CATASTROPHIC BREACH .
Third Party Coverage ( i . e ., coverage to defend lawsuits brought against you ) 1 . Network Security and Privacy Breach Liability : Covers claims brought against the policyholder alleging : a . Policyholder ’ s failure to prevent unauthorized access to , or use of , electronic or non-electronic data containing personal identity information ; b . Policyholder ’ s failure to prevent the transmission of a computer virus into a third party ’ s computer network or application software ; c . Policyholder ’ s failure to provide notification of any actual or potential unauthorized access to , or use of , confidential information of others if notification is required by any security breach notification law .
2 . Internet Communications and Media Liability : Covers claims brought against the policyholder alleging : a . Policyholder ’ s unauthorized use of , or infringement of , copyright , title , slogan , trademark , domain name or logo ; b . Policyholder ’ s defamation , libel , slander , disparagement or harm to the reputation or character of any third party person or organization .
3 . Regulatory Defense Expenses : Covers the legal defense costs incurred by a policyholder to defend an investigation or regulatory proceeding brought against the policyholder by a federal , provincial or government entity .
An effective cyber security strategy can help reduce the risk of a privacy breach or data security incident . The supply chain can represent a significant vulnerability for your organization and Canadian organizations should consider cyber insurance as an important component within their overall risk management strategy .
Derrick Leue is the president of PROLINK , Canada ’ s Insurance Connection . PROLINK is the proud insurance partner of SCMA and manages the business insurance program and the home and auto program for members .
32 • SUPPLYCHAINCANADA . CA • SCMA