Campbell & Haliburton Insurance have been in the Regina community for over 50 years. Therefore, we know it is customer service and knowledge that counts. Our team of dedicated Regina insurance brokers can assist you in finding the plan that works best for you. In this post, we discuss data compromise and insurance. We’ll explain what it is, how it can affect you, and most importantly how to protect yourself.
Data Compromise and Insurance
Data Breaches
One of the newest and least purchased products in our industry is quickly becoming one of the most important. This is particularly true following the COVID-19 pandemic response. Many businesses and organizations have taken this time as an opportunity to digitize their businesses. Further, many are opting for an online store or some form of an online portal to service their clients. While this is great for business, it opens a company up to more liability in lost or compromised data. This is not a new risk of course, as it applies to both physical and digital files.
PIPEDA Changes
The costs associated with a data breach have increased significantly over the past few years due to changes to the Personal Information Protection and Electronic Documents Act (PIPEDA). These changes came into effect in November 2018. They outline regulations and requirements that apply when there is a breach of data, specifically when the breach compromises someone’s personal information in a way that constitutes a real risk of significant harm. While not strictly defined, significant harm can be bodily harm, humiliation, financial loss, identity theft, and damage to property, among other things.
Costs Associated With Data Breaches
The naming of the coverage as “data compromise” or “cyber” is a bit of a misnomer. If you have a physical filing system, you can still be affected in a major way. Obviously, if only one person’s data is affected, the cost may not be significant. However, consider your techniques for getting rid of old documents. If your strategy is to just throw old records in the garbage, you may have a large breach on your hands. What if you are offloading 1000 old records you believe to be stale-dated into the standard garbage? Well, you can easily see a breach costing upwards of $250,000. Further, if someone accesses your building and your file room, you may need to notify every person whose data you store physically. This could be significantly more costly. What is a better strategy, then? Well, of course, shredding all documents would work. You could also subscribe to a service that shreds your documents for you. Finally, you could also have a locked room for all your files and practice key safety principles.
Digital Data Breaches
If you have a digital filing system, you are susceptible to hacks from multiple avenues. Your first step is making sure your firewall is capable of blocking unwanted outside traffic. This would prevent outside actors from entering your system without your invitation. However, there are many more dangers associated with digital filing systems. What are some of these dangers? A USB stick picked up on the ground can be plugged in to see what is on it. This stick may contain a virus used to access the system. A program downloaded from an unknown source could contain a virus as well.
First Step: Strategize
Your first step to digital safety is having an appropriate strategy in place for storing and destroying customer data. Further, make sure to have an IT strategy that includes training staff against possible hacks and social engineering strategies. Without these first steps in place, you will not be prepared for an attack on your data.
Insurance
The good news in all of this is that you can be insured for data compromises and breaches. Once you have a strategy in place for dealing with a breach or preventing one before it occurs, you are able to purchase insurance to protect your business against this. Many insurers have taken to including a base amount of coverage for third-party costs. However, this is typically a small amount of coverage that may not protect you in the case of a large breach. Third-party costs include covering losses to clients, such as providing credit monitoring services and replacing documents that may be compromised by the loss. First-party costs are typically not covered by these built-in policy types, however. So the cost to your business of hiring IT firms and lawyers and of sending mail out to those affected would require a separate policy, as would higher limits of third-party cyber coverage.
Common Misconceptions
My business is too small to be attacked.
A data thief may target smaller businesses to gain entry to larger organizations. Imagine you’re a renovation contractor rebuilding a section of a store post-fire. To fix the building, you subcontract an IT firm to repair the computer network storing sensitive customer data. A caller who seems to be the genuine store owner asks you to add an IP address for remote access. Trusting the caller, you comply, only to discover later that it was a data thief exploiting the access for malicious purposes.
We have on-staff IT, they monitor for anything coming in.
Monitoring things coming in is not the only way to stop a hack. Sometimes it is as simple as someone plugging in a USB drive that contains a rootkit. This can install a virus on the system without needing to go through the firewall. While the IT staff may be monitoring incoming transmissions, they cannot monitor every computer all the time. Appropriately training staff not to plug unknown devices into their computers can prevent this, but if it happens it is best to be prepared.
Our files do not contain anything private or sensitive.
This may be your perception. However, if you store a person’s name, address, and phone number, these three things can be used to impersonate your client. If this information was obtained from your business, you could be found liable for damages incurred as a result of the loss.
Final Words
With the average cost of a data breach at $2 – $3 million, the amount of coverage you purchase should exceed this amount. There is no way of knowing how much you may need until you need it, so we always recommend carrying as high a limit as possible. The expert team at Campbell & Haliburton can help you determine what insurance works best for you depending on your business.
For more information, visit the Office of the Privacy Commissioner of Canada’s website: https://www.priv.gc.ca/en/privacy-topics/business-privacy/