Cyber Insurance: Brokers’ Key Questions Answered


This interview is part of a special report published by Insurance Business Canada.

Michael Kalakauskas, Trisura’s assistant vice-president and product manager of professional liability and cyber liability, recently shared his perspective on key cyber trends and what brokers need to keep in mind.

IB | What key market trends should brokers be aware of in the cyber insurance space in 2019?

I would place key market trends into two different categories: cybersecurity trends and cyber coverage trends. Both categories should be front of mind for brokers, not only in 2019, but in the years to come as well, as they allow brokers to think of exposure, risk and insurance solutions simultaneously.

From a cybersecurity trend standpoint, the sheer volume of cyber attacks and compromised personal information on a worldwide level is at an all-time high and will only continue to grow with the expansion of things like company interconnectivity, the Internet of things, the use of cloud services, artificial intelligence and machine learning, automation, and small to medium-sized business vulnerability.

These trends are at the heart of cybersecurity and point to the need for all organizations to increase their security and awareness in protecting themselves against cyber attacks and data breaches. Cyber criminals and attackers are only getting more sophisticated, so as an industry, we need to keep up with, and respond to, emerging threats. Another important trend from a cybersecurity standpoint is the evolving landscape of international data privacy laws and government/regulatory body involvement.

From a cyber coverage standpoint, brokers need to be aware that third-party liability coverage for data breaches is only one piece of the overall cyber insurance puzzle. The trends from a coverage standpoint – and the biggest causes of current cyber claims, in Trisura’s experience – are ransomware, social engineering and business interruption. Not all businesses carry large amounts of personal data that data breaches might target; however, all businesses are dependent on computers, cell phones and the internet, ultimately making them vulnerable to different types of cyber attacks.

The one thing all companies do hold is employee data, so all companies are exposed to a potential data breach. Our experience, though, is that the coverages I mentioned are the ones most sought after by small- to medium-sized businesses. It is easier to target small- and mid-sized companies, as they may not have adequate security measures and resources in place to protect themselves. Small companies must reassess their security position and ensure adequate measures and controls are implemented to safeguard against today’s cyber attacks.

IB | Which client groups should be the target markets for cyber insurance this year?
All client groups! All businesses – small, medium or large – have cyber exposures, and each company should be having conversations with their insurance broker about adequate cyber insurance coverage and risk transfer options.

That said, I would prioritize some of the industries that have not previously bought cyber insurance on a widespread basis. Industries including finance, banking, healthcare, retail and hospitality – all well known for holding and using personal information – have already been exposed to cyber insurance and the risk of data breaches; however, industries like construction, transportation and manufacturing, as well as smaller professional offices, are slowly being exposed to the importance of cybersecurity and need more awareness in this space.

At Trisura, we are trying to increase the exposure of cyber insurance with all our small- to medium-sized business clients, regardless of industry type. As mentioned, it is easier to target small- and mid-sized companies, as they may not have adequate security measures and resources in place to protect themselves. Trisura has a large surety book that comprises clients of all sizes in the construction industry – for example, builders, developers and contractors – and with them being more reliant on technology and computers, it is imperative we offer cyber solutions as part of their overall insurance and surety bonding package.

Likewise, we insure many small- to medium-sized professional offices for E&O and directors & officers liability and are currently trying to target them for cyber coverage as part of their insurance portfolio.

IB | How can brokers overcome the “it won’t happen to me” mentality held by many smaller businesses in reference to cyber attacks?
All businesses, regardless of size and industry type, have cyber exposure. Regardless of whether they hold or store their customers’ or suppliers’ personal data or corporate information, they have data on all of their employees that is at risk. Furthermore, all companies are reliant on computers, cell phones and the internet, and therefore would be susceptible to loss in the event of a cyber attack like ransomware, a hack, data loss, payment diversion or phishing, malware, and software or hardware failure.

Cyber attacks are indiscriminate. Even if it’s not from an attacker, one of the biggest forms of cyber exposure is the error of an employee clicking the wrong link, sending an email to the wrong person or leaving an unencrypted laptop or cell phone at a public place. Cyber exposure could come from anywhere, and if it were to happen, it could give rise to significant financial loss.

My rule of thumb is to advise businesses that cyber attacks are not a matter of ‘if’ but more of ‘when’ – and whether the company is able to withstand the financial impact of such an attack or loss. If the company is not equipped to sustain such an attack, or the business would like some additional protection, then cyber insurance is a key to their risk management process, no matter the size of their business.

IB | What are the key differences between cyber as a stand-alone product and as an add-on? In which situations should brokers consider one option the better choice for clients?
The key difference between a stand-alone cyber product and an add-on by endorsement is the quality of the coverage and of the claims service. With a stand-alone cyber policy, you are getting a dedicated product – and limits – with specific and broad coverage and, most likely, access to a comprehensive cyber response team that can help navigate any claim or cyber incident. Most add-on cyber endorsements cover such a limited amount, and language tends to be very restrictive. Furthermore, add-ons usually contain such a small limit of liability, or the limit itself is shared with the main policy limit.

My hope is that add-ons become less and less used in the industry and that all clients – again, regardless of size and operation – purchase a stand-alone cyber policy to properly cover themselves. Another advantage of a stand-alone policy is that it is most likely being managed by a dedicated and experienced cyber underwriter. A true cyber underwriter can not only help with exposure and risk identification, but can also tailor the cyber policy and coverage to the specific needs of the client. Most add-ons are offered by underwriters in the professional liability or casualty space, and they may not have any expertise in the field whatsoever.

IB | What are the vital elements of a good cyber insurance policy, and which elements are particularly important for different clients?
Overall, good cyber insurance provides coverage for both an insured’s first-party and third-party losses associated with a network security breach, or the loss, theft or unauthorized disclosure of personal information or confidential corporation information. The coverage should include expenses related to breach notification, extortion threats, public relations, credit monitoring, forensic investigation, defence costs, the costs of judgments or settlements, regulatory claims, business interruption, and media liability, among other things. Every business has an exposure and should be protected accordingly. Exposures come in the form of employee information, customer information, internet access, electronic and network activities, and the overall use of technology.

Specifically, the most important element of any good cyber insurance policy is the claims handling service and response team associated with it. A cyber insurance policy should give clients access to experts in all fields of cybersecurity and make them feel comfortable throughout the whole process, whether it is a full-blown claim, a possible breach or a system hack. A good response team should include law firms and breach coaches, forensics and investigation professionals, public relations and communication specialists, and breach notification, identity repair and credit monitoring firms.

Legal experts can help minimize the risk of litigation and fines in the wake of a breach. They can provide legal advice based on your specific incident, such as determining how to notify affected individuals, government agencies, third parties and others who may be impacted. The law firms and breach coaches can also manage breach response teams and oversee all aspects of the response.

Forensic and investigative providers can advise your organization on how to stop the current data loss, prevent further harm and secure evidence as necessary. They can also determine where, when and how the breach or hack occurred, analyze data sources to determine what information has been compromised, and assist in data restoration.

Public relations providers can help develop both the internal and external communications needed during an incident, as well as oversee crisis management services. They can also provide advice on how to best position the incident to key audiences, update social media and help manage media questions related to the issue.

Breach notification providers can help in the form of credit monitoring, credit reports, call centre services and direct mail campaigns.



The Do’s and Don’ts of Contractor Billing


By Victor Bandiera


Most Canadian Construction Association (CCA) and Canadian Construction Documents Committee (CCDC) contract forms and other public contract forms require contractors to apply for payment monthly. This is based on an agreed schedule of values, a breakdown for payment purposes or the quantity of work in place on unit price contracts. This breakdown is usually agreed upon before the first billing.

The contractor submits their request to the payment certifier (usually the architect or engineer of record) under the prime contract at month end. If the contractor is a subcontractor, they are usually required to submit an application for payment on the 25th of the respective month. This allows the prime contractor to include it in the billing at month end.

In the last 12 months, some contractors have not applied for payment due to some unforeseen issues. Some of the issues were:

  • The previous month’s payment was not certified;
  • There was a delay in processing or the payment was not made;
  • A lien arose, which led to adding additional change orders, in turn, causing delay or discrepancy in amounts or limited progress of work or deficiencies.

None of the reasons listed above should prevent a contractor from submitting a subsequent monthly payment application for certification.


What to include in your billing?

Your billing should clearly show the period being billed (for example, June 1, 2019 to June 30, 2019), the date the invoice was prepared and the relevant contract references, including the owner’s name. Also, don’t forget to include the current revised contract price calculation: the total of the original contract price, with any contingency or cash allowances shown separately, plus all approved change orders (not just those being billed against).

Your billing usually should include columns for:

(A) The total contractual amount for the line item;

(B) A total to date against the line item in dollars, as well as a column for quantities of unit price or percentage complete to show progress;

(C) The total to date from previous month (in dollars and quantities if applicable);

(D) D = B – C: the difference being the current month’s progress.

The totals of each column transfer to a summary page, along with the application of holdback retained. If holdback is released, include a separate line. Naturally, the rate of applicable tax must be shown as a separate line, and the total of the cheque expected from the owner should also be provided. If more than one month is outstanding, prepare a statement of account showing all unpaid amounts at month end.

Time is of the essence

A payment certifier is to certify the work in place usually within 10 days of application for payment. If the contractor does not apply, the payment certifier does not need to do anything. A payment certifier has to fulfill his/her contractual and professional obligations as an unbiased party.

Hypothetically, if an owner fails to make a payment for a certificate of payment issued by a certifier due to a lien, this does not preclude a contractor from billing the subsequent month and the payment certifier from preparing another certificate. There can be more than one unpaid monthly payment certificate. Also, most contracts require the payment certifier to respond in writing to an application. If the payment certifier does not respond, please review what your contract says about notifying the owner in default for non-certification if permitted, and if necessary, discuss with your construction lawyer promptly, as you have lien rights that are time sensitive. If you are a subcontractor, you might be able to make a claim under a posted Labour and Material payment bond, which also has timelines for making a claim.

It is always important to bill monthly, as that serves as an historical record of the contractor’s progress of work and of when change orders were added to increase scope, even if not performed. If a contractor does not bill, he or she will not know of any payment issues with the owner. Naturally, if the contractor is not promptly paid by the owner, the contractor needs to consider noting the owner in default for non-payment (as the owner usually needs to pay within seven to 10 days of certificate of payment, according to most contracts), and interest will also run. Keep in mind, the contractor probably does not want to work for more than a month and finance the work himself/herself, as that could lead to delays of payment and affect banking, bonding, subcontractor and other relationships.

If certification is delayed by others and it is suggested that the contractor group two months together, the actual progress for the first month is lost. It is usually a contract requirement to pay that month earlier as well.

In Ontario, this will be even more important with respect to recent changes to the Construction Act (formerly Construction Lien Act), including proper form of billing as it relates to new prompt payment provisions and adjudication, which could include payment disputes. Payment is one of the most important things on a project. The contractor or subcontractor must do the billing well and on time to avoid cash flow issues and disruptions further down the contractual chain.

8th Annual Charity Softball Tournament a “Home Run”


On September 19th, Trisura held its 8th Annual Charity Softball Tournament. Sunny and warm, with just the right amount of breeze, it was the perfect day for a ball game.

This was our largest tournament to date: participants from 17 different brokerages attended in support of Perth-based charity Project Trauma Support. This organization aims to support military veterans and personnel, as well as emergency responders coping with post-traumatic stress disorder. Each year, all proceeds raised from the tournament are donated to the selected charity. And, this year, we raised our most ever, coming in at $23,000!

Check out our gallery for some highlights from our home-run-kind-of-a day!