What is cyber insurance?
A cyber risk or cyber insurance policy helps companies reduce their exposure to cybersecurity and data protection risks. It covers the cost of restoring your systems following a cyber attack or the impact of a data breach (Act 25).
Cyber risk refers to threats to a company’s technological systems or information, such as deliberate or accidental data breaches carried out by various means.
Sources of attack | What are they after? | How do they do it?
What does cyber insurance cover?
In the event of a cyber attack, a company can incur several costs. A cyber insurance policy can help alleviate certain costs, such as loss of gross margin linked to the cyber attack, crisis management, legal investigations, restoration of your systems, ransomware payments, compensation claims and fines. The company could also be held responsible for protecting the data it holds and incur liability.
Considerations to take into account
- Identify your needs
Before taking out a cyber insurance policy, it’s essential to determine the scope of your company’s needs. For example: what is your revenue, do you have several sites, do you work mainly outside the office, what coverage are you aiming for, etc.?
- Determine your security risks
Identify your critical information, the location of your personally identifiable information (PII) and the types of risks to which it is exposed (also a requirement of Act 25), and carry out a cybersecurity diagnostic.
- Ensure proper insurance coverage
The cost of cyber insurance depends on your company size, sector of activity and the vulnerabilities present in your technological ecosystem, but also on the guarantees covered and the deductibles defined. It is therefore very important to check the exclusions in the insurance policy to understand what coverage is included, its limits and what is not covered.
- Create a Cybersecurity Incident Response Plan
If an incident occurs, will you know what to do? Do you need to contact your cyber insurer immediately, and are you obliged to use their response team? Have you identified all the necessary contacts for effective crisis management (internal and external)? Do you know when you are required to notify the authorities, the Commission d’accès à l’information and the Canadian Anti-Fraud Centre?
Crisis management and communication around a cyberattack are also crucial to reassure your customers and suppliers and to avoid damage to the organization’s reputation.
- Implement essential security controls such as:
  - Multi-factor authentication (MFA)
  - Access management
  - Tested backups
  - Security policies
  - Encryption of sensitive data
  - Act 25 compliance
- Educate and train employees about cybersecurity risks and data protection.
How can Secur01 help you?
Secur01 has compliance expertise, cybersecurity competence and experience of multiple cyber risk mandates for clients of all sizes and industries.
- Do you need advice to help you navigate the requirements of Act 25 and ensure rapid compliance?
- Have you received a cyber insurance questionnaire from your insurer and need help answering it?
- Want to know how to ensure the right cyber risk insurance coverage and a reasonable premium?
- Would you like a security diagnostic of your infrastructure?
- Would you like a team of experts to take full responsibility for IT compliance and data protection in managed mode?
Contact us to ensure your compliance, increase your cyber resilience, reduce your risks, and optimize your costs.