Few are covered for cyber-incidents

Last month’s blackout in parts of Ontario shed light on Canadian enterprises’ increasing dependence on computer networks for vital data.

But as this dependence rises, so too does the vulnerability of critical data, communications and business continuity. According to the Insurance Information Institute, a U.S. umbrella group representing the industry, traditional insurance policies – namely standard property and commercial general liability insurance – may not be enough to cover potential cyber-risk and cyber-incidents.

When it comes to risk management, the dynamics have changed, according to the Institute’s cyber expert John Spagnuolo in New York. He says most organizations are living in a 21st century threat environment with 20th century insurance coverage.

The Insurance Information Institute also points to a recent Ernst & Young survey, which revealed that only seven per cent of the 1,400 organizations polled were confident that a specific network and cyber-risk policy was in place.

In Canada, insurers are redefining the terms and conditions of traditional coverage. Specifically, the coverage these policies provide for exposures like cyber-risk has either been reworded or removed altogether, making the policies woefully inadequate for enterprise needs.

Cheryl Bieson, president of Calgary-based risk management consultants Deucalion Inc., noted that as far as risk-management programs go, insurance for cyber-risk should be the “first element.” Policies that offer this form of coverage tend to be specialized and require that the insured have adequate preventative measures in place. In some cases, Bieson explained, enterprises may have to undergo an audit to ensure that coverage requirements are being met.

If a hacker or virus, for instance, affects a network or destroys data, most organizations today have either limited or no coverage. The question organizations must ask themselves – factoring in their time and resources – is how much risk is prudent to accept, noted Bieson.

Len Watson, senior vice-president at IT services firm CGI Group Inc. in Toronto, said there’s always a level of risk when dealing with computer networks and data, making it hard to determine what could happen. Organizations need to be aware of that, Watson noted. At CGI – which offers hosting and outsourcing of specific IT services – the data centres are geographically dispersed. Watson recommends organizations follow a similar practice to prevent a total loss of data in the event of a cyber catastrophe.

In the end, the primary tools used to effectively manage cyber-risk include a combination of insurance, prevention and recovery. According to Bieson, the key is to use all three as part of an organization’s fiscal and strategic plans.

“All three have limitations; however, once combined, they provide a fundamental safety net to offset the risks inherent in the business environment…the resources expended on sound risk management practices can translate into a strategic return on investment, particularly in the area of intangible losses such as shareholder confidence, customer satis
