For more than 10 years, Cyber Liability has been referred to as an “emerging risk” which seems counter intuitive to reports that up to a third of Canadian businesses have experienced a loss of revenue as a result of a cyber attack [2023 CIRA Cybersecurity Survey – CIRA]. While it is easy to imagine a loss to physical property, automobiles or products it can be challenging to visualize a privacy breach or ransomware attack affecting your business.
Whether it involves your organization personally, a vendor or supplier; cyber risk is often touted as the number one concern for businesses in 2025. With the rise of AI software, many of these phishing campaigns are being automated resulting in a larger increase in attempts on a wider net of Canadian businesses.
This begs the question; What can businesses do to protect themselves?
1.Determine your Exposure
Are your processes heavily relied on by technology? Are you a manufacturer that couldn’t operate your machinery in the event they couldn’t communicate with other systems? Are you a retail store that wouldn’t be able to process payments should your PoS system go down?
This is difficult to determine, but the main questions a business should ask themselves are;
-
- Could we operate if all computer systems and phone systems went down?
- How many “files” do we have? This can include customer data, saved payment information, employee payroll information, SIN numbers, Dates of Birth, plus the company’s own banking information.
- How vast is your customer/vendor network? If your accounts were used in a phishing campaign to your network how many people may be affected?
For Ransomware specifically, CFC offers a free calculator linked below;
Ransomware calculator | CFC
2. Develop security controls to deter, protect and detect cyber liability threats
Choosing a capable vendor in your IT services is one of the most valuable partnerships a business can make. An expert in cybersecurity will assist you in determining where your organization is strong and weak and offer controls to improve your risk profile.
These can include but are not limited to;
Multi-Factor Authentication (MFA) implementation
Data Backups with scheduled refreshment
Endpoint Detection and Response (EDR)
Remote Device Wiping
Scheduled Software Updates & more
3. Create a formal response plan, including business continuity
Developing a formal response plan, with designated staff and responsibilities will help with determining who should do what in the event of a claim. Often the handling of a claim is the major factor in limiting loss and liability. Quick response from both internal and external parties can get you up and running quicker, draft formal response to affected parties and protect your reputation.
Insurers will also have significant resources for breach response to limit exposure and help ensure legal compliance in the event of a claim.
Developing your incident response plan (ITSAP.40.003) – Canadian Centre for Cyber Security
4. Commit to Education
Committing to ongoing education at all levels within your business creates a culture of security. Ongoing subscription to newsletters, periodic meetings with IT providers, simulated phishing training and other techniques help keep privacy at top of mind.
There are many publications out there that businesses can subscribe to, as well as endless readings and guides for cyber security. Even reading news stories on how some of the biggest and best organizations in the world were breached is great for understanding what exposures exist out there.
5. Purchase a Cyber Liability policy
Lastly, purchasing a cyber liability/privacy breach policy is the failsafe. There are many markets that offer Cyber Liability with new ones entering the marketplace annually. Its best to get options from a few of the leaders to compare their pricing, coverage and added services.
Acera Insurance has access to the best Cyber Liability markets available, and for most businesses can turnaround an indication for pricing and coverage within a few hours. If you have any questions regarding cyber liability please contact me below;
Curtis Luu
Curtis.Luu@Acera.ca
780.452.5561
Cyber Liability Insurance | Acera Insurance
New to cyber insurance? | CFC