Protection is enabled and working. Shield and green checkmark. Legal protection. Insurance. Safety of investments. Security and legality. Good immunity. Cyber security

What is a cyber insurance ?

A cyber risk or cyber insurance policy helps companies reduce their exposure to cybersecurity and data protection risks. It covers the cost of restoring your systems following a cyber attack or the impact of a data breach (Act 25).

Cyber risk concerns threats to a company’s technological systems or information, such as deliberate or accidental data breaches, by various means.

Sources of attack

  • Disgruntled employees
  • Human error
  • Cyber attack on subcontractors
  • Cybercriminals
  • Hacktivists
  • Competitors
  • Organized groups
  • Foreign actors

What are they after?

  • Selling your information for profit (e.g. passwords)
  • Identity theft
  • Financial fraud
  • Ransomware/extortion
  • Stealing your intellectual property and trade secrets
  • Taking revenge
  • Damage your reputation

How do they do it?

  • Phishing attack
  • Social engineering
  • Exploit vulnerabilities (network, systems, computers)
  • Computer or cell phone theft
  • Purchase of stolen credentials
  • Intrusion into an unsecured infrastructure
  • Inadequate security practices

What does cyber insurance cover ?

In the event of a cyber attack, a company can incur several costs. A cyber insurance policy can help alleviate certain costs, such as loss of gross margin linked to the cyber attack, crisis management, legal investigations, restoration of your systems, ransomware payments, compensation claims and fines. The company could also be held responsible for protecting the data it holds and incur liability.

Considerations to take into account

  1. Identify your needs

Before taking out a cyber insurance policy, it’s essential to determine the scope of your company’s needs. For example: what is your revenue, do you have several sites, do you work mainly outside the office, what coverage are you aiming for, etc.?

  1. Determine your security risks

Identify your critical information, the location of your personally identifiable information (PII), the types of risks to which it is exposed (also a requirement of Act 25) and carry out a cybersecurity diagnostic.

  1. Ensure proper insurance coverage

The cost of cyber insurance depends on your company size, sector of activity, the vulnerabilities present in your technological ecosystem, but also on the guarantees covered and the deductibles defined. It is therefore very important to check the exclusions in the insurance policy to understand what coverage is included, its limits and what is not covered.

  1. Create a Cybersecurity Incident Response Plan

If an incident occurs, will you know what to do? Do you need to contact your cyber insurer immediately, and are you obliged to use their response team? Have you identified all the necessary contacts for effective crisis management (internal and external)? Do you know when you are required to notify the authorities, the Commission d’accès à l’information and the Canadian Anti-Fraud Centre?

Crisis management and communication around a cyberattack is also crucial to reassure your customers and suppliers to avoid impacts on the organization’s reputation.

  1. Implement essential security controls such as:
  •  Multi-factor authentication (MFA)
  • Access management
  • Tested backups
  • Security policies
  • Encryption of sensitive data
  • Law 25 compliance
  1. Educate and train employees about cybersecurity risks and data protection.

How can Secur01 help you?

Secur01 has compliance expertise, cybersecurity competence and experience of multiple cyber risk mandates for clients of all sizes and industries.

  • Do you need advice to help you navigate the requirements of Act 25 and ensure rapid compliance?
  • Have you received a cyber insurance questionnaire from your insurer and need help answering it?
  • Want to know how to ensure the right cyber risk insurance coverage and a reasonable premium?
  • Would you like a security diagnostic of your infrastructure?
  • Would you like a team of experts to take full responsibility for IT compliance and data protection in managed mode?

Contact us to ensure your compliance, increase your cyber resilience, reduce your risks, and optimize your costs.

Subscribe to our Newsletter

We strive to produce content that will be useful to you, which will let you know about the latest useful products as well as sustainable solutions for your IT fleet.

You may also like

Share this post with your friends

Leave a Comment

Rated 4.9/ 5 based on 20 customer reviews
Secur01 Inc.
4455 Autoroute 440 West, Suite 283 Laval, Quebec
Phone: 514-732-8701 $9-$999

Free Consultation

We will call you in a moment