What Small Businesses Need to Know About Cyber Insurance

• According to the Canadian Anti-Fraud Centre (CAFC), there have been over 150,000 reports of fraud in Canada, with over $600 million stolen since January 2021. CAFC notes it received over 63,000 reports of online fraud resulting in $569 million in losses in 2023, and a total of $284 million has been lost to fraud so far in 2024.

• Artificial intelligence (AI) is projected to make cyber threats a greater risk in the months and years ahead. The Canadian Security Intelligence Service (CSIS), Canada’s foreign intelligence service and security agency, reports AI systems can collect, process, analyze, and store significant volumes of data. If a system is hacked or a security breach occurs, this can easily be stolen, manipulated, and extorted for nefarious purposes.

• Sophos, a cybersecurity provider, reports that ransomware attacks continue to pose a significant threat to Canadian organizations. In 2023, 59% of organizations were hit, and the average demand from attackers was $2 million (94% of initial ransom demand is paid on average).

• IBM’s report on data breaches in 2023 reveals a stark reality – the average cost of data breaches was US$4.45 million, and a staggering 70% of organizations experienced a data breach last year.

• Alarmingly, the Insurance Bureau of Canada’s (IBC) 2023 Cyber Security Survey of small businesses found that over 60% of small businesses and 73% of sole proprietors believe their businesses are too small to be targeted by cybercriminals.

Small Businesses Need to Get Serious About Cybersecurity

Small businesses, sole proprietors, and independent professionals are not immune to various types of cyber-attacks. That 69% of Canadian small businesses don’t consider cybersecurity a financial priority and only 20% have any intention of purchasing cyber insurance, as per IBC’s report, puts them on the frontline for a financially devastating attack.

There are many inexpensive things small business owners and sole proprietors can do to increase their cybersecurity defences, such as:

• Use complex passwords with at least 12 characters, including numbers, symbols, and uppercase and lowercase letters. Deploy multifactor authentication (MFA) that requires your employees to verify their identities when logging onto your systems. For example, you can turn on two-step authentication for free if your business uses Gmail.

• Regularly update your computer and mobile phone operating systems, and deploy antivirus software on your systems.

• Backup and encrypt your company data regularly and store it in multiple locations, such as encrypted cloud storage and external hard drives. Use role-based access controls to restrict access to sensitive company data.

• Secure your company’s Wi-Fi network with WPA3 encryption and use a strong, unique password for employees to access it. If you offer your customers free Wi-Fi access, set up a separate network for them to use.

• Monitor your internal network constantly for unusual activity and unauthorized access. Perform security audits regularly and immediately address any identified vulnerabilities.

• Ensure your online and digital payment systems comply with the Payment Card Industry Data Security Standard (PCI DSS). Take action to protect your business’s point-of-sale (POS) system from fraud.

• Train your employees on cybersecurity best practices and ensure they can recognize phishing emails, suspicious links, and social engineering attacks.

How Cyber Liability Insurance Can Help Your Small Business

Cyber liability insurance can be added to your existing overall policy or purchased as standalone coverage. It’s designed to help a business or independent professional deal with and recover from a cyber-attack or data breach.

Specifically, cyber liability insurance helps by:

• Covering the cost of access to an IT cyber incident response team to assist your business in coordinating a response following an attack. For example, the support team will tackle all the subsequent events of a cyber-attack, such as helping advise your customers that have had their data stolen.
• Providing coverage for legal advice, crisis management services, notification fees and credit monitoring for your business and customers.
• Paying to repair and restore your compromised software systems.
• Covering your income losses due to a systems outage following a cyber-attack.
• Helping cover lost funds due to a successful social engineering attack that results in being defrauded (an optional coverage you can include in your policy).

In addition to cyber liability insurance, you can also buy cybercrime insurance to cover loss of funds from specific types of attacks, including phishing attacks, spear phishing attacks, or a hacker infiltrating your servers, website, and email accounts. For example, it covers funds transfer fraud if you transfer money to a customer or supplier, and a hacker intercepts and re-routes the money in transit so your customer doesn’t receive it.

But here’s the rub: purchasing cyber liability insurance after you’ve suffered a form of cyber-attack or data breach won’t help. You need to get it now while shoring up your cybersecurity defences to thwart an attack before it craters your business.

How to Get Cyber Liability Insurance Now

Zensurance can help you get cyber liability insurance protection for your small business needs quickly and easily.

Fill out our online application for a free quote in less than five minutes.

Let our knowledgeable team of brokers get the low-cost coverage you need, advise you on the coverage limits you should have, and help you protect your digital assets and finances.