In today’s data driven world where sensitive information is stored and transferred electronically, organizations like yours, which handle, receive, collect and store all kinds of information are vulnerable to costly and damaging liabilities from data security breaches.
Whether your customer’s data is compromised by a hacker, virus, cyber thief, or simply because of lost or stolen computers, laptops, flash drives or smart phones, data security breaches can have serious ramifications. There are substantial financial costs involved in finding and remedying a breach, including the cost of notifying customers –now legally mandated in Alberta. It is estimated that 1/3 of all Canadian businesses have been subject to some sort of Cyber attack or at least a probe attack. The risk to you is that sensitive client data can be stolen. By law, you are required to take action by notifying all of your clients of a breach of their information. This can be a costly process. In the event of a data breach you may also be exposed to litigation by your clients if sensitive data is stolen. You can also suffer financial damage due to the interruption of your business operations as well as damage to your reputation as a safe place to do business.
Cyber criminals don’t kick down your front door –they get your employees to open it for them by sending them infected emails. Educating your people about these things is the most cost effective way to protect your business from Cyber attack. We also recommend that you employ third party consultants to assess your IT security. We can’t help you with your computer system’s security measures against these types of attacks, you need to have a detailed discussion with your IT service department / provider to ensure you have done everything possible to thwart cyber attacks with the most up to date fire walls, security software and antivirus software.
In addition to risk mitigation steps that can be taken, we can now provide you with a Cyber and Privacy Insurance policy. It can provide coverage for:
- Legal claims against you arising from unauthorized access to data containing identity information and the failure to provide notification of data breach where required by law.
- Legal fees associated with defending legal action against you as well as liability coverage in the event of a legal settlement against you.
- Security breach remediation and notification expenses
- Expenses incurred to restore data lost from damage to computer systems due to computer virus or unauthorized access
- Money paid due to E Commerce extortion
- Loss of income, and the extra expense incurred to restore operations as a result of a computer system disruption caused by a virus or other unauthorized computer attack.
- Loss of monies due to fraudulent transfer instructions to a financial institution can also be provided.
Cyber and Privacy Insurance should be considered if you handle or store any sensitive customer, employee or business information on your computers as you are at risk of Privacy Breach and/or Cyber attack. If you store information electronically or deal with credit cards, social insurance numbers, addresses, bank account information you are of interest to cyber attackers. If the risk of a cyber attack has struck a nerve with you, we encourage you to call us to look at how we can help you protect your business. If your business was exposed to a ransom ware attack and you are asked to cough up $30,000.00 the true cost would be much more than $30,000.00. There are costs for a forensic investigation, payment to lawyers to go through the notification process, public relations costs to mitigate reputational harm, etc. In a serious incident total costs could easily reach $100,000.00.
An online mortgage company reported a breach after several former employees gave mortgage lenders access to confidential customer records. Over a two year period, lenders obtained access to private client information, such as social insurance numbers, income and employment data, and used it to market their own mortgages. The mortgage company incurred the cost of notifying their clients, and the cost to protect the privacy and identity of the firm’s clients, restore their identity to pre-theft status if required and report any security breach to credit agencies. Total remediation costs were in excess of $75,000.
A mid-size accounting firm was broken into and laptop computers were stolen. Some of the information contained in these laptops was personal, including the social insurance numbers and bank account information of the firm’s clients. Overall, a total of nearly 10,000 of the firm’s clients were affected by this theft. Although the police investigating the case suspected that the theft was a simple “smash and grab,” the firm had not encrypted the information found in these laptops, making it easily accessible. There was a one month lapse between the time of the theft and the time the firm notified their clients.
The firm had to incur significant remediation costs, both to notify the clients and to retain a company to protect the privacy and identity of the firm’s clients, and restore their identity to pre-theft status as required and report any security breach to credit agencies. Total remediation costs were $150,000.
Although this example involves an accounting firm, it could apply to professional practices of all kinds, including medical clinics, medical professionals, business consultants, brokerages or any other type of professional dealing with sensitive and confidential information.
A medical clinic employee accidentally emailed a file with client names, medical records and provincial health card numbers to an unauthorized individual. The medical clinic notified its clients of the breach immediately. Two months after the breach, one of the clinic’s clients was a victim of identity theft and sued the clinic for damages. The final settlement was $50,000 and the cost to defend the clinic was $25,000.
Call us now so we can send you a Cyber Solution Insurance Application and we will put together a quote for you.