In 2019, technology is a part of our daily lives in ways we never expected. Ride sharing apps allow you to get a lift anywhere you want in a stranger’s car. Need groceries? You don’t even need to put on shoes anymore - just order online. Can you even remember the last time you stepped foot in a bank? Why bother when you can do everything on your phone?
While a lot of these changes have made our lives easier, the reality is that technology moves a lot faster than our laws and regulations can keep up with. As we move more and more into a digital world, the risks we are exposed to have changed, and business owners need to know what those risks are.
According to a recent report from Accenture and the Ponemon Institute called The Cost of Cyber Crime, the cost of cyber related crimes to companies around the world has increased by 72 per cent in the past five years.
Headlines about cyber crimes have become commonplace. Companies like Capital One, Air Canada and Facebook are just a few recent victims of cyber attacks.
Based on the headlines, it might seem like small and medium sized businesses don’t need to worry about this type of attack. According to BrokerLink insurance advisor Geoff Haddock, that is not the case.
“Small businesses don’t think they’re going to be hacked. Nothing could be further from the truth,” Haddock says. “Every business is exposed. It’s just a matter of how much exposure you have.”
Publicly traded companies have an obligation to report security breaches to their investors. These stories get a lot of publicity, making it seem like they are the only players affected. However, small to medium sized businesses don’t face the same scrutiny, so you might not hear about smaller scale attacks. Today, the risk of a privacy breach is much greater than a more traditional risk you might expect, such as a fire.
“Among the biggest risks for a business are cyber incidents, including privacy breaches, and the resulting reputational damage,” says Haddock.
Cyber insurance is not as new as many people think, and in fact, it has been around for over 20 years. In the late 1990s, Y2K had many companies scrambling to prepare for the year 2000.
For those too young to remember, Y2K was when businesses around the world realised computer programs would read the 00 at the end of 2000 as 1900. There was a real fear that this would result in mass chaos. In the end, it was very anti-climactic, and no significant problems occurred. However, a few insurers sold Y2K coverage.
Unlike Y2K, the threat of privacy breaches is very real. Some business insurance policies have a built in cyber insurance policy of $25,000. When people see that, they often get a small sense of security. But according to Haddock, for most businesses, this is not enough. After a security breach, your business could be on the hook for a significant amount of damages.
You might have to do forensics to determine what happened. You might have to replace hardware. You might have to pay for any damages incurred by your clients. You could also be vulnerable to lawsuits from affected clients. If that happens, that $25,000 will run out pretty quick.
Regulation is slowly starting to catch up with the breakneck pace of technology. Laws regarding privacy breaches have changed in Canada. As of November 1, 2018, any company, small or large, must report “breaches of security safeguards involving personal information that pose a real risk of significant harm to individuals” to the Privacy Commissioner of Canada. Failure to do so can result in significant fines.
“A lot of Canadian businesses don’t even know about this,” Haddock says.
If it seems overwhelming, you’re not alone. Many insurance brokers have learned all the risks their clients might face when it comes to privacy concerns. Haddock has invested a lot of time learning about cyber insurance, and how he can be a valuable resource to his commercial clients. When Haddock is trying to find cyber coverage that makes sense, he says it’s all about getting to know the client, and learning about their business.
“It’s more about asking questions than preaching,” Haddock says. “Our job is to inform people and make them aware of the risk, and to find transfer solutions to make them whole again.”