Canadian business leaders are increasingly looking to their IT professionals for assurance that cyber breach risk is adequately controlled. It’s easy to understand the concern, considering data breach incidents dominate the headlines of national publications and insurance-specific journals alike. It’s a harsh reality to accept that security threats are ever evolving, but the real concern is the lack of confidence in existing protective measures for company operating systems.
Consider a recent event in the press. The President/CEO of a large organization found himself in the unfortunate position of hosting a press conference detailing their decision to pay a significant ransom in order to obtain a decryption key to unlock critical systems. His team no doubt had to consider the alternative and the potential for disruption to their business, destruction of data or the need for system restoration.
This real life scenario highlights one insurable component of a cyber threat, but also prompts consideration of what the outcome might have been if the organization in question did not respond to the ransom request. This level of uncertainty gives rise to the interest in insurance-based risk transfer solutions.
The current market for insurance solutions varies in terms of scope of coverage. At Trisura, our Technology and stand-alone Cyber Liability solutions are broad in nature. Insureds have the ability to build a program from a suite of coverages that address various components of their risk. For example, the Network Extortion Threat is one coverage in the suite that serves to address the extortion of funds in return for a decryption code or other such resolution of a threat to systems and/or files.
Many business leaders downplay the likelihood and potential impact of a cyber-breach, mistaken in their thinking that they are somehow less exposed because they don’t collect personally identifiable customer information. It’s a reality that housing personal information isn’t the only feature of a network that makes it a target to hacking and potential ransom demands. Most organizations have business-critical applications that if corrupted, can expose them to irreparable damages to both brand and business, the later in the form of interruption.
Most organizations would not know how to begin to quickly assess the pros and cons of responding to a ransom request. Seeking out external advice slows down the process and increases the possibility of missing a payment window. When faced with an extortion threat, a call to Trisura triggers services that will help an insured navigate resolution and ensure indemnification of an extortion payment within the terms of the contract.This is our commitment as we believe in creating exceptional experiences for our brokers and their customers – even in extra-ordinary circumstances – because we believe the business can be done better.