Cyber in 2020: The threats and the solutions

Cyber in 2020: The threats and the solutions

This interview is part of a special report published by Insurance Business Canada.

You can read the full report here.

 

In a discussion with Insurance Business Canada, Trisura’s assistant vice-president of professional solutions, Michael Kalakauskas, weighed in on some of the biggest cyber concerns facing brokers in 2020.

IB | How is the cyber insurance market shaping up in 2020?
Michael Kalakauskas HeadshotMK | 
The cyber market has been very volatile for most of 2020. We have seen pricing increases range around 10% to 50%, as well as a substantial increase in deductibles. Furthermore, most markets are reducing their capacity, with limits being greatly lowered on both third-party and first-party coverages. While some markets have pulled back, others have increased their appetite and capabilities. It’s a very interesting time in the cyber insurance world.

From a cybersecurity trend standpoint, the sheer volume of cyberattacks and compromised personal information on a worldwide level is at an all-time high and will only continue to grow with the expansion of things like company interconnectivity, the Internet of Things, the use of cloud services, artificial intelligence and machine learning, automation, and small to medium-sized business vulnerability. These trends point to the need for all organizations to increase their security and awareness in protecting themselves against cyberattacks and data breaches. Cybercriminals and attacks are only getting more sophisticated, so as an industry, we need to keep up with and respond to emerging threats.

Another important trend is the evolving landscape of international data privacy laws and government/regulatory body involvement. These new or updated laws – for example, GDPR in Europe or PIPEDA here in Canada – are making companies move from a reactive approach to a proactive approach towards cybersecurity. We’re now seeing a greater focus on system security and the ability to safely store and use personal information.

In terms of cyber coverage, brokers need to be aware that third-party liability coverage for data breaches is only one piece of the overall cyber insurance puzzle. The trends from a coverage standpoint – and the most causes of current cyber claims, in our experience – are ransomware, social engineering and business interruption. Not all businesses carry large amounts of personal data that may be targeted in data breaches; however, all businesses are dependent on computers, cell phones and the internet – things that ultimately make them vulnerable to different types of cyberattacks. The one thing that all companies do hold is employee data, which exposes all companies, regardless of size, to a potential data breach.

It is easier to target small and mid-sized companies, as they may not have adequate security measures and resources in place to protect themselves. To safeguard against today’s cyberattacks, small companies must reassess their security position and ensure adequate measures and controls are implemented, including the purchase of cyber insurance coverage and speaking with a true insurance professional.

IB | How has the COVID-19 pandemic – and the accompanying increase in remote work – impacted the cyber insurance market?
MK | COVID-19 remains a challenge for the insurance world. The cyber insurance market should be very concerned with heightened cyber exposures while people work from home with lesser security, employee awareness and procedures. This is the perfect time for cybercriminals to make their move, and we’re already seeing phishing attacks and viruses on the rise in every sector. Also, when working from home, it’s harder to react and deploy an incident response plan or disaster recovery plan, which may result in more frequent and possibly more severe attacks.

It’s a time of great stress and worry, and people are paying less attention. Things that might impact cybersecurity during COVID include older/out-of-date computer software and antivirus software/firewalls, a lack of cybersecurity procedures/policies, a lack of encryption protocols, infrequent password changes, audits not being performed, general misuse of computers and emails, and employees not on high alert. We must all stay vigilant.

IB | Which client groups should be the target markets for cyber insurance this year?
MK |
All businesses – small, medium and large – have cyber exposures, and each company should be having conversations with their insurance broker about adequate cyber insurance coverage and risk transfer options. That said, I would prioritize some of the industries that have not previously bought cyber insurance on a widespread basis. Industries including finance, banking, healthcare, retail and hospitality – all well known for holding and using personal information – have already been exposed to cyber insurance and the risk of data breaches. Industries like construction, transportation and manufacturing, as well as smaller professional offices, however, are slowly being exposed to cybersecurity needs and do need more awareness in this space.

At Trisura, we are trying to increase the exposure of cyber insurance with all of our small to medium-size business clients, regardless of industry type. As mentioned, it is easier to target small and mid-size companies, as they may not have adequate security measures and resources in place to protect themselves. Trisura has a large surety book that comprises clients of all sizes in the construction industry – for example, builders, developers and contractors – and with them being more reliant on technology and computers, it is imperative that we offer cyber solutions as part of their overall insurance and surety bonding package. Likewise, we insure many small to medium-sized professional offices for errors & omissions insurance and directors & officers liability, and we are currently trying to target them for cyber coverage as part of their insurance portfolio.

IB | What features should brokers look for in a cyber policy today?
MK |
Overall, good cyber insurance provides coverage for both an insured’s first-party and third-party losses associated with a network security breach, as well as the loss, theft, or unauthorized disclosure of personal information or confidential corporate information. The coverage should include expenses related to breach notification, extortion threats, public relations, credit monitoring, forensic investigation, defence costs, the costs of judgments or settlements, regulatory claims, business interruption and media liability, among other things. The reality is, every business has an exposure and should be protected accordingly. Exposures come in the form of employee information, customer information, internet access, electronic and network activities, and the overall use of technology.

Specifically, the most important element of any good cyber insurance policy is the claims handling service and response team associated with it. A cyber insurance policy should give clients access to experts in all fields of cybersecurity and make them feel comfortable throughout the whole process, whether it’s a full-blown claim, a possible breach or a system hack. The response team should be quick, flexible and able to handle any type of scenario. A good response team should include law firms and breach coaches; forensics and investigation professionals; public relations and communication specialists; and breach notification, identity repair and credit monitoring firms.

Legal experts can help minimize the risk of litigation and fines in the wake of a breach. They can provide legal advice based on your specific incident, such as determining how to notify affected individuals, government agencies, third parties and others who may be impacted. The law firms and breach coaches can also manage breach response teams and oversee all aspects of the response.

Forensic and investigative providers can advise your organization on how to stop the current data loss, prevent further harm and secure evidence as necessary. They can also determine where, when and how the breach or hack occurred, analyze data sources to determine what information has been compromised, and assist in data restoration.

Public relations providers can help develop both the internal and external communications needed during an incident, as well as oversee crisis management services. They can also provide advice on how to best position the incident to key audiences, update social media and help manage media questions related to the issue. Breach notification providers can help in the form of credit monitoring, credit reports, call centre services and direct mailing campaigns.

IB | If brokers are looking to sell cyber insurance to a client for the first time, what key points should they stress?
MK | All businesses, regardless of size and industry type, have cyber exposure. Regardless of whether they hold or store their customers’ or suppliers’ personal data or corporate information, these businesses have data on all of their employees and stakeholders that is at risk. Furthermore, all companies are reliant on computers, cell phones and the internet and therefore are susceptible to loss in the event of a cyberattack like ransomware, a hack, data loss, payment diversion or phishing, malware, and software or hardware failure.

Cyberattacks are indiscriminate and could come from anywhere. Even if it’s not from an attacker, one of the biggest forms of cyber exposure is the error of an employee clicking the wrong link, sending an email to the wrong person or leaving an unencrypted laptop or cell phone at a public place. Giving a tiny window of access to someone is all it takes. Cyber exposure could come from anywhere, and if it were to happen, it could give rise to significant financial loss.

My rule of thumb is to advise businesses that cyberattacks are not a matter of if but more of a when, and whether the company is able to withstand the financial impact of such an attack or loss. If it is not, or the business would like some additional protection, then cyber insurance is a key to their risk management process, no matter their size of business.

 

Happy Thanksgiving from Trisura!

Happy Thanksgiving from Trisura!

Happy Thanksgiving

Dear friends,

It’s hard to believe we are now in October. Although COVID-19 impacted many summer plans, I hope you were able to make the most of the warm weather and sunshine. Unfortunately, active cases are again on the rise in most provinces, and I wish you and those close to you good health and safety.

With Thanksgiving just around the corner, I find myself reflecting on the events that have taken place in 2020 thus far. Even during these difficult times, I have so much to be thankful for, including my wonderful family and friends, my fantastic, resilient co-workers and that we have all remained in good health. On behalf of everyone at Trisura, we are thankful for having you as our business partners and for your continued support. We hope that we’ve been able to serve and support your needs, even from a distance.

Like most of you, we’ve been working remotely since March. Although we miss our face-to-face interactions, our top priority has been to continue to strengthen our relationships to ensure that we deliver on our promise of providing you with “a step above” experience.

Over the summer, we conducted a broker survey to provide us with insights to serve you better and enhance your experience with Trisura. The response rate was overwhelming, and I’d like to express our sincere gratitude. We are currently reviewing the data and will soon provide a summary of the results.

We have been busy working on many exciting initiatives this year, with the most significant being our official entry into the US Surety market beginning in January 2021. I am pleased to announce that George James will be joining Trisura on January 4, 2021, to lead our US Surety business. George joins Trisura with over 20 years of industry experience, with the last five years as Executive Vice President and Chief Underwriting Officer at International Fidelity Insurance Company. George will bring a wealth of knowledge, experience and relationships to Trisura, and we are very excited for him to begin his new journey. We will be sharing more on this exciting news over the coming months.

Even during these difficult times, Trisura’s business continues to thrive and that is because of you. We sincerely thank you for your trust in Trisura and for your continued support. On behalf of everyone at Trisura, I wish you and your loved ones a happy and safe Thanksgiving.

 

Chris Sekine
President & CEO

Trisura Guarantee Becomes National Sponsor of WICC

Trisura Guarantee Becomes National Sponsor of WICC

On September 28, the Women in Insurance Cancer Crusade (WICC) announced a Trisura Guarantee Insurance Company as a new national sponsor.

“We are grateful and thrilled to have Trisura join our growing list of national sponsors,” said Marilyn Horrick, Co-Chair of WICC Ontario. “Trisura, along with our other partners, will help us unite and engage the Canadian insurance community with the goal of funding cancer research; and supporting, educating and improving the lives of those affected by cancer.”

Community involvement is one of Trisura’s guiding principles, and great emphasis is placed on it both nationally and regionally. By becoming a national sponsor of WICC, Trisura joins industry peers in providing support to fund cancer research.

“We at Trisura Guarantee Insurance Company are proud to support the important work of the Women in Insurance Cancer Crusade,” commented Richard Grant, Chief Operating Officer. “Every Canadian knows of a friend, co-worker or family member who has been impacted by this disease. As Trisura has offices coast to coast, we are pleased to become a national sponsor of WICC as we join the insurance industry in raising funds for research, support and education.”

About WICC:
Since its inception in 1996, WICC and the women and men of the property and casualty insurance industry in Canada have raised over $17.5 million nationally in support of cancer research and education. WICC’s mission is to unite and engage the Canadian Insurance community to fund cancer research, support, educate and improve the lives of those affected by cancer. More information about WICC can be found at www.wicc.ca.

About Trisura:
Trisura Guarantee Insurance Company is a Canadian specialty insurance and surety company with offices across Canada, providing customized solutions and expertise through a select broker network. Trisura Guarantee is uniquely positioned to satisfy Canadian risks in Contract, Commercial and Developer Surety, Directors’ and Officers’ Liability, Fidelity, Professional Liability including Media and Cyber Liability and Warranty products.

Trisura Guarantee Insurance Company is a subsidiary of Trisura Group Ltd., a leading international specialty insurance provider operating in the surety, risk solutions, corporate insurance and reinsurance segments of the market. Trisura has three principal regulated subsidiaries: Trisura Guarantee Insurance Company, Trisura International Insurance Ltd. and Trisura Specialty Insurance Company. Trisura is listed on the Toronto Stock Exchange under the symbol “TSU.”

To view the official WICC press release, click here.

Drastic Times and Drastic Measures: Keeping Businesses Running during the Age of the Coronavirus

Drastic Times and Drastic Measures: Keeping Businesses Running during the Age of the Coronavirus

By Sara Ametrano

The COVID-19 virus has had a tremendous global impact. Throughout the world we’ve witnessed international borders shutting down to visitors, businesses ceasing operations and a significant hit to the economy.

Some businesses have managed to maintain operations through remote working arrangements and implementing safety precautions at the workplace for any individuals required to be present. Health of employees and visitors is of the utmost importance, and the question of how to successfully resume regular operations is at the top of everyone’s mind.

It’s important to keep in mind that many individuals may still be hesitant to return to the workplace, even with many precautions in place. Whether it is a matter of using public transportation, a position that requires excessive contact with others, shared elevators and common areas, it isn’t difficult to see where discomfort may arise. During this time, communication between employers and employees is key. The Government of Canada recommends that staff express any concerns they may have about the pandemic discuss the possibility of working remotely.

If employees are to be physically present, here are some protective measures businesses can take in an effort to reduce the risk of COVID-19 in the workplace, as recommended by the World Health Organization:

  • Install disinfectant wipes throughout the workplace;
  • Restrict access to shared areas and equipment, such as break rooms and refrigerators;
  • Ensure everyone wears a mask and frequently washes/sanitizes their hands;
  • Separate bodies as much as possible; this can be done through having employees come to work on a rotating basis so the business is not at full capacity;
  • Create a clear people-flow through the workplace to ensure no two-way traffic.

In addition to the above suggestions, employers can also try restricting access to shared areas and equipment, such as break rooms and refrigerators, as well as having a clear people-flow through the workplace to ensure no two-way traffic for even more protection.

If remote work and precautionary measures aren’t possible, some business may be forced to limit operations, which may include moving to a temporary “online-only” presence for the consumer industry or shutting down certain aspects of the business for the time being, for example. In this case, a top priority for employers may be determining the actions they can take to reduce the potential of a permanent shut down. Businesses should determine the resources and options available to them, which could include measures such as seeking emergency government benefits for the business itself or its staff.

In the unfortunate event a business need to reduce staffing levels, they need to be aware of their legal obligations before implementing any layoffs or staff changes. Businesses are encouraged to contact their legal counsel to ensure they are acting in accordance with fast changing rules and regulations on staff layoffs/firings during Covid-19. Having solid legal advice before making any decisions can help avoid potential future wrongful dismissal claims or other potential legal matters as a result of these employment changes during these uncertain times.

To learn more about employment practices liability insurance, contact your Trisura underwriter. Contact us here.

The views expressed in this article are exclusively those of the author;  they do not necessarily reflect the views of Trisura Guarantee Insurance Company, its affiliates or partners.