How cyber insurance can help reduce the online risks of businesses of all sizes

For this blog post, Get Cyber Safe has partnered with the Insurance Bureau of Canada (IBC), who, like us, understands how important cyber security is to businesses as well as individuals. This blog represents their perspective and we thank them for being a dedicated partner in the cyber security of Canadians.

Did you know that in 2023, the average total cost of a data breach to a Canadian company was approximately

$6.9 millionootnote 1? These days, high-profile cyber attacks are often hitting the news headlines, and while it’s usually a multinational corporation or large- organization getting the publicity, small and medium-sized businesses are equally at risk.

Research from Insurance Bureau of Canada (IBC) shows that many small businesses owners don’t believe they’ll experience a cyber attack. In fact, IBC’s 2023 Cyber Security Survey found that more than 60% of small businesses believe their business is too small to be targeted by cyber criminals. This number rises to 73% for sole proprietors. Most business owners surveyed were not concerned about their staff posing a cyber risk, yet many employees are concerned they’re putting their organizations at risk. Three out of four employees surveyed admit to having taken at least one action that poses a cyber security risk. The poll also showed growing employee concerns with cyber safety:

  • 25% don’t feel they have the tools and training needed to identify potential cyber threats at work
  • 22% are concerned their actions could contribute to a cyber attack or data breach
  • 10% have shared confidential information with a publicly available chatbot or artificial intelligence (AI) platform

Both employers and staff play an important role in cyber security and regular staff training is a critical component in reducing risk. Despite nearly 40% of small business employees indicating that they had seen an increase in scam attempts over the last 12 months, employer responses showed that they may not be making enough investments in cyber protection:

  • 69% do not consider cyber security a financial priority
  • Only 20% have any intention of purchasing cyber insurance within the next year
  • 17% think they would not qualify for cyber insurance

What can cyber insurance cover?

As cyber threats continue to evolve, business owners need to know more about cyber resilience and consider whether they need a cyber insurance policy for an extra layer of protection. Cyber insurance can help protect businesses against losses related to personal data security breaches, cyber extortion, technology disruptions and more. As most property or liability policies don’t clearly cover cyber risks and are not intended to cover cyber risks, business owners may want to consider getting a stand-alone cyber policy to help cover several costs resulting from online threats, which can include:

  • network systems and electronic data restoration expenses—restoring or recovering damaged or corrupted data caused by a breach, denial-of-service attack, or ransomware
  • security breach remediation and notification expenses— notifying affected parties and mitigating potential harm from a privacy breach, like providing credit monitoring to affected individuals
  • forensic investigations expenses— hiring a firm to investigate the root cause and scope of the data breach
  • legal costs and civil damages— paying for legal representation and possible damages related to a privacy or network security breach

Prevention and protection for small businesses

Whether or not a business owner chooses to get a cyber insurance policy, avoiding a cyber attack in the first place should always be the number one priority. While this task may seem overwhelming, Get Cyber Safe has tools to help. The refreshed Get Cyber Safe Guide for Small Businesses provides clear and simple steps for business owners to help keep their business safe online. It’s especially useful for those who do not have a dedicated Information Technology (IT) team, use social media and/or an e-commerce platform. It also provides customizable templates to help enhance your organization’s cyber security posture.   

Conclusion

Prevention is your best defence against cyber threats. All businesses and organizations, but especially those that rely heavily on an online presence and use e-commerce, should consider contacting their insurance representative to ensure they have appropriate coverage for their organization to help reduce their financial risk and liability from cyberattacks. But remember, cyber insurance is just one component of an overall cyber risk mitigation strategy – it’s not a replacement for cyber resilience. Visit GetCyberSafe.ca/business to download a copy of the Get Cyber Safe Guide for Small Businesses and for more business-related cyber security advice and guidance.

Date modified: