Cyber Risks: Privacy BreachPosted On March 19, 2016
Did you know that a report by Intel’s McAfee and the Center for Strategic and International Studies estimated the global cost of cyber-crime in 2013 ranged from $375 to $575 billion? Compare that to the estimated global damage resulting from vehicle collisions at $518 billion. Cyber-crime in Canada is estimated at $3 to $4 billion annually.
Most businesses are certainly familiar with PIPEDA (Personal Information Protection and Electronic Documents Act). This Act governs how private sector organizations collect, use and disclose personal information in the course of commercial business. However, were you aware that Canadian businesses will have a lot more responsibility when it comes to a privacy breach since PIPEDA has been amended to include mandatory breach notification?
While not yet in force, these provisions will require businesses to notify affected individuals as well as the Privacy Commissioner of Canada involving personal information under the business’ control and where the breach poses a “real risk of significant harm” to the individuals. Fines can be as high as $100,000 if not recorded or reported.
Consider the high profile cyber-attacks in recent years that cost businesses millions of dollars.
Data attacks are common because they are easy to conduct. The tools are readily available. For example, an off-the-shelf computer can test millions of passwords per second with most passwords being cracked within a minute.
The losses from cyber-attacks are significantly growing. The major risks of loss include theft of intellectual property, theft of funds, theft of confidential information and opportunity cost.
The main causes of data breaches are from criminal attacks (42%), Human error (30%), and system glitches (29%).
However, it’s not all doom and gloom. For most individual users, improvements, such as using strong passwords, regularly changing passwords for each device and prompt updating of software may address up to 80% of the risk due to cyber-attacks.
Businesses can improve their cyber defenses by:
- Assessing current security levels and developing effective cyber security practices.
- Determining accountability and ownership.
- Evaluating vulnerabilities of current security systems on a regular basis.
- Identifying, prioritizing and protecting essential data.
- Developing an incident management system including documentation and response plans
If you think your current insurance policy will provide protection against cyber risk losses, you should check your policy. Current policies were not intended to provide protection for this exposure and most companies have amended their wordings to exclude cyber breach losses. However, there is cyber breach insurance available at very affordable prices. Coverage can be provided for as little as $100 offering business interruption coverage, notification expenses, public relation services, computer forensic services and credit and fraud monitoring for affected customers of the breach.
Your A.P. Reid Commercial Insurance representative can tailor the best coverage for your business.
Talk to us today to learn more.