Background. With cyber breaches costing Canadian organizations an average of $6.75 million per incident in 2021 and ransomware attacks increasing in severity and sophistication, it's becoming more difficult and expensive for organizations to obtain cyber insurance. At the same time, provincial governments are taking the protection of personal information more seriously. Québec's adoption of Bill 64, for example, will introduce substantial legal requirements for organizations over the next three years — everything from expanded breach reporting to new rules for consent. We expect the rest of Canada to follow Québec's lead over the next two to five years.
Impact. To obtain cyber insurance at a reasonable cost, organizations will need to convince insurers that they are a good risk. Regulatory changes will mean increased reporting requirements, higher fines and more comprehensive breach investigations. The good news? Having robust security and data management policies, including multi-factor authentication, a strong incident response plan, data mapping and data retention protocols, can help you both win over insurance companies and comply with stricter regulations. These same policies will also help reduce your exposure to liability in the event of a breach.
Top tip. Ask your external counsel if they have pre-packaged programs, such as a cyber hygiene insurability audit, to help you prepare a first cyber insurance application or reduce your cyber insurance costs. Our free cyber hygiene checklist is a great place to start (contact Eric Charleston for your copy). Legal counsel can also help you put together an incident response plan and recommend steps to minimize your threat exposure.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.