As some businesses begin to emerge from the worst of COVID-19, they are increasingly turning to their insurance policies to help with their financial recovery. A recent ruling is a reminder that contracts need to be clear; they must say what they mean and mean what they say.
A question that I often get from clients is one about cyber-insurance. In light of the recent passing of Bill S-4, better known as the Digital Privacy Act, the Personal Information Protection and Electronic Act has now been amended to include mandatory breach notification provisions. While these mandatory breach notification provisions are not yet in force, it is a good time to review your cyber-insurance coverage.
The malevolently-inclined are getting more ambitious (a 2014 study by the Ponemon Institute that evaluated security-breach costs in the retail sector suggests that average size of a breach is about 30,000 records) and more damaging (average loss is now about $105 per stolen record). The same study estimated that the average cost of a cyber-crime for the retailer is about $3.15-million. These are average numbers only: recent large-scale retail breaches have involved records in the millions, with costs similarly increased. Although the article was written before the holidays, the tips provided are still very useful to manage the risk of security breaches.