Every year CIRA publishes an annual survey of Canadian IT security decision-makers to better understand how they are coping with cyber-threats. This year’s survey was conducted by The Strategic Counsel in July and August, and collected over 500 responses from IT professionals across the country. This is blog one of five in the series for 2021.
“It’s not if you’re hacked, it’s when.” This old cybersecurity maxim explains why more businesses are purchasing cybersecurity insurance. Despite their best efforts to prevent being hacked, too often defenses fail – and the results can be costly.
When it comes to managing risk, prevention can’t be ignored – but neither can recovery. An insurance policy that covers damages related to hacks is one way to prepare for the worst, but isn’t a panacea. Cybersecurity insurance is still a nascent industry that is very much buyer beware. Providers require compliance with a minimal set of security standards, the policies contain exceptions, and the coverage may not always be enough to cover the losses.
When insurance emerged as a way to control cyber liability in the 1990s, the biggest worries were data processing errors and lawsuits related to online media, according to California-based broker Colony West. Then, in the 2000s, first-party insurance emerged to cover data breaches and lost productivity time.
Flash forward to 2021, where adoption of cybersecurity insurance is growing in parallel with the growing number of cyber attacks. At the same time, expenses are soaring due to hefty ransoms paid to hacker groups and massive fines paid to regulators policing the storage and transfer of personal information online.
In Canada, cybersecurity insurance has become a popular tool for managing risk. According to CIRA’s 2021 Cybersecurity Survey, six out of 10 Canadians organizations with more than 50 desktops have a cybersecurity insurance coverage. Three in 10 have a cybersecurity-specific policy.
In Canada, cybersecurity insurance has become a popular tool for managing risk.