Cyber risk insurance: should you get it for your business?

In addition to the stress of a cyber attack, businesses targeted by hackers also face financial risk, shutdown of operations or loss of their clients' trust. While basic security measures (two-step authentication, antivirus software, storing data in the cloud, etc.) may help protect your business from cyber threats, cyber risk insurance can help you limit the costly aftermath of a cyber attack.

Why are small businesses particularly vulnerable to cyber threats?

Did you know that close to 25% of Canadian small businesses have experienced cyber attacks since March 2020 ¹? Why are small and medium-sized businesses targeted? ‘Cyber criminals’ often look at small and medium-sized businesses as a stepping stone to bigger businesses with highly secure IT infrastructure. In addition, small and medium-sized businesses may store a substantial amount of information on their servers—both financial and personal—that belongs to their clients, employees, suppliers, volunteers, shareholders and other stakeholders.

Cyber criminals use a variety of tactics. Some of the most common are:

• Phishing
• Ransomware
• Malware

Phishing example

A hardware store employee opens an email and, without paying much attention, clicks the link inside. That's all it can take to create a breach and introduce malware into the company's IT system. That simple act can completely paralyze the IT system and lead to a 10 day interruption in the company's operations.

It's a tale that's becoming all too common. Cyber criminals use scam emails to access the IT systems of companies both large and small.

While business owners are adopting sound practices to avoid cyber attacks, the fact remains that in today's digital world any company is just a click away from a cyber attack.

Despite measures to keep IT systems secure, cyber incidents are now a risk that all companies face. Cyber risk insurance could help protect you against fraud and cyber crime and limit the costs—financial and otherwise—of any cyber attack that targets your company.

What is cyber risk insurance?

Cyber risk insurance is intended to minimize financial consequences and disruptions to your business resulting from cyber threats, such as an attack that blocks access to your IT system.

What it can cover

Cyber risk insurance may cover the cost of:

• A supplier to negotiate when a ransom demand is made and, if necessary, pay the ransom
• Identity restoration and reconstitution of lost or corrupted data or damaged software
• A defence in the event of legal proceedings
• Reputation management

What it doesn’t cover

This type of insurance can have some exclusions, such as:

• Future financial losses
• Losses associated with the theft of intellectual property
• Costs to improve internal IT systems, including security software upgrades

According to the Insurance Bureau of Canada, nearly half (46%) of the small to medium-sized businesses that suffered a cyber attack say the incident cost them more than $100,000². And while all types of businesses are exposed to cyber risks, they aren't all able to deal with them the same way. That’s why your local Desjardins Agent is available to help answer any questions you may have and assist you in finding insurance solutions that meet your specific needs. For more cyber risk insurance solutions, check out the Cyber Risk Offer from Desjardins Insurance.