Cyber Risk & Data Breach

Cyber Risk & Data Breach are rapidly emerging threats for organizations of all sizes. As businesses adopt technologies to optimize production and deliver services, there is often an increase in online business risks.

Cyber Attacks

There is growing acceptance that cyber incursions are inevitable. Bad actors develop new weapons and exploit new vulnerabilities as quickly as cyber professionals develop defenses.

 

Insurance policies have been emerging to help you recover. Many insurance brokers feel that selling a cyber insurance policy is the only solution.

Cyber Resilience

is your ability to prepare for, respond to, and recover from cyberattacks while continuing to operate effectively.

What can you do to protect your business?

  1. Harden your defenses. Employees are the soft underbelly of your organization when it comes to cyber attacks. Employee training has become one of the most effective tools in preventing and mitigating cyber attacks.
  2. Business Continuity Plans ensure your team and assets are protected and are able to function and recover quickly in the event of a disaster.
  3. An Insurance Policy is an important backstop for when everything else fails. Having funds and a remediation team available moments after you suffer a loss is important.

The Thor team partners with an array of cyber prevention, training and remediation teams.

Click this image to check out one of our cyber training partners

Many of us believe we can identify phishing emails or phone calls, so why do they continue to occur and escalate in severity for all sizes and types of organizations?

The bad guys continue to become more sophisticated and like any profit based venture, they continually evolve. Remember when you saw your first phishing email, it stood out like a sore thumb because it was badly assembled, had spelling mistakes and just didn’t look right. Those were growing pains, today’s attacks are sophisticated and relentless.

We know you have an insurance broker. Let’s talk about protecting your organization from a debilitating cyber attack.

 

What is a Cyber Attack?

A cyber attack is an attempt to disable computers, steal data or use a breached computer to launch additional attacks. Some of the most common types of cyber attacks include

  • Malware is computer code/instructions that can perform a variety of malicious tasks. Whether providing access to your system, spying on users to obtain credentials or other valuable data, or causing disruption, malware including its most notable form, ransomware, can bring businesses to their knees,
  • Phishing attacks are where an attacker tries to trick unsuspecting employees into handing over valuable information including passwords, credit card information, or intellectual property. Phishing attacks generally arrive in the form of an email pretending to be from a legitimate organization or individual such as your bank, the government, and even other members of your organization,
  • Business Email Compromise (BEC) is an attack against an employee who has the ability to authorize financial transactions, in order to trick them into transferring money to accounts set up by the attacker,
  • Drive-by Attack is where an unsuspecting victim visits a website that infects their device with malware,
  • Denial-of-Service (DoS) attacks occur where an attacker floods a server with traffic in an attempt to disrupt or bring down the server,
  • from the Internet of Things (IoT) like webcams, smart locks, and thermostats to emerging Artificial Intelligence (AI) attacks, there is no lack of innovation from nefarious individuals working diligently to become wealthy at the expense of businesses.

Together with reputational harm, downtime, stolen funds, and other costs, a cyber attack can have devastating financial consequences.

Ask us about a free Vulnerability Assessment


What is a Data Breach?

A data breach is the intentional or unintentional release of secure, private, or confidential information into an untrusted environment. A data breach does not have to be electronic and can include loss or theft of paper documents.

Unintentional data breaches include lost or left behind unencrypted laptops, smartphones, or paper records. Intentional data breaches can include theft of devices or documents, phishing or malware.

Who can be affected?

  • Your business,
  • Your employees,
  • Your vendors,
  • Your customers.

Alberta and most jurisdictions have legislation that makes YOU responsible for lost or stolen data that can identify your employees, customers, and other individuals or organizations.

The cost of a data breach can be estimated by the cost of each record or personally identifiable information (PII) affected by a breach. Current cost estimates of a data breach per record are estimated at

  • Customer PII – $170
  • Employee PII – $160
  • Intellectual Property – $150

Consequences of a data breach can include financial loss, reputational damage, downtime, legal action, and loss of sensitive data.


How can you meaningfully impact your cost of insurance?

Although a strong insurance policy can help your business recover from a cyber attack or data breach, the best solution is avoidance, don’t allow a cyber incident to successfully attack your business. Claims and lack of proper risk control measures are the largest drivers of insurance cost increases.

The only way to differentiate your business in this space is to become ‘best in class’ at managing your risk. Insurance policies become contingency plans and actively managing your risk is a primary activity. Every insurance solution has a complimenting risk control activity.

As Cyber threats are rapidly emerging, so too are the solutions to combat and avoid them.

Insurance & Risk Control Solutions

Pre-loss Risk Control

90% of cyber-attacks come via email. Ongoing staff training is one of the most effective mitigation tools in preventing cyber attacks and data breaches. We work with organizations providing cost-effective training for staff. Our cyber insurance solutions bundle 24/7 monitoring, employee training, and security services to prevent cyber attacks.

Insurance protection

Many insurance policies now provide low-cost or free cyber insurance add-ons. Don’t rely on small throw-ins, you get what you pay for. If your cyber insurance does not specifically contain the following elements, you do not have a robust cyber insurance solution.

A. 1st Party (you) Event Response

  • Breach Response Costs to respond to a breach and help you recover, including incident response, customer notification, credit monitoring, and legal costs.
  • Crisis Management & Public Relations costs to respond to an incident including public relations experts,
  • Ransomware and Cyber Extortion costs to respond to an extortion incident,
  • Business Interruption arising from a failure in your security or a data breach,
  • Digital Asset Restoration to replace, restore, or recreate your digital assets that are damaged or lost following a failure of your security including ransomware attacks,
  • Computer Replacement & Bricking to replace computer systems whose integrity has been permanently altered by malware,

B. Cyber Crime

  • Funds Transfer Fraud and Social Engineering for funds transfer losses you incur from a failure in your security or social engineering,
  • Phishing for the costs your customers incur when they are victims of a phishing attack impersonating you as well as costs related to preventing and mitigating such incidents,
  • Invoice Manipulation to pay for invoices you’re unable to collect as a result of your customer being tricked into sending payment to fraudsters.

C. 3rd Party (others) Security and Privacycosts of defense and damages if one of your clients or vendors files a lawsuit resulting from a failure in your security, a data breach, or a privacy violation,

Post-loss response

Once an incursion has occurred, time is of the essence. Reporting attacks or breaches quickly can mitigate the loss, so much so that many Cyber insurance providers will waive deductibles for claims reported within a short time frame.

Robust Cyber insurance solutions go far beyond sending you a claim cheque and wishing you well. The strongest providers start doing what they do best once you have been attacked and it is not uncommon to mitigate a cyber event by recovering funds or remediating damage before the trail goes cold.


We Can Help!

Thor Insurance and Financial is a locally owned Northern Alberta insurance and benefits brokerage with roots going back to 1979. Our management team has over 100 years of commercial insurance experience, which we leverage to serve our commercial and industrial clients … Local Access, Global Reach.

Running and growing a successful business is complicated. We partner with companies like yours to support the areas of your business you don’t have time to become an expert in. No “cookie cutter” insurance policies; we work with our clients in a holistic fashion to create solutions. In addition to insurance and employee benefits solutions, we offer

  • Financial Planning, Tax and Succession Advice,
  • Business Continuity Planning and Business Interruption analysis,
  • Key Person and Life Insurance solutions,
  • Cyber Risk Assessments, pre-loss staff training and post loss remediation,
  • Human Resources solutions ranging from Safety Manuals, Employee Manuals, customizable Employment Contracts,
  • Risk control support and development of documentation such as Spill Response plan and Drug & Alcohol policies, Fleet management guides,
  • Group & VIP Personal Insurance,
  • Surety/Bonding,
  • Online Registry, renew your fleet registration from the comfort of your computer