Insights Header image
Insights Header image
Insights Header image

Cyber risk insurance: driving the risk management process

October 2015 Insurance Bulletin 2 minute read

Insurers and other insurance professionals have traditionally been well positioned to drive improvements in risk management processes. Cyber-security risk is a modern phenomenon which has arisen in the electronic information and internet age, and the insurance industry is demonstrating that it can play a key role both in educating and equipping public and private sector organisations to manage this emerging risk, and in providing insurance protection.

In Canada, as in other jurisdictions, a number of insurance professionals are leading the charge by providing a host of cyber risk-related services, including:

  • performing comprehensive analyses of the types of risk to which their clients are exposed;
  • matching the risk profile to the insurance available; and
  • providing education on risk management and the risk mitigation efforts that can help to reduce the risk of loss.

These efforts can also reduce the cost of insurance because they align the insurer’s interests with those of the insured organisation through the effective management of risks that are now shared with the insurer.

Some insurers and insurance professionals also offer cyber-security risk related services for after an event, including through third-party service providers such as breach consultation, forensic analysis, notification services, call centre services, credit and identity theft monitoring, fraud consultation and credit and identity restoration services.

Organisations that, due to the nature of their operations, are vulnerable to cyber-attacks or privacy or data security breaches should seriously consider obtaining insurance coverage against these risks. Today, insurance products are evolving in this area, and in some cases can be tailored to an organisation’s specific needs. In applying for coverage, organisations should be prepared to demonstrate to the insurer that cyber risk is an integrated part of their overall enterprise-wide risk management framework and that appropriate risk management tools and processes are in place. Insurers, brokers and other specialists will be involved in the process in order to analyse and assess the potential risk and the effectiveness of the measures in place to mitigate losses. In this way, as in other areas of risk, the insurance industry can drive overall improvements in cyber-risk management.

by Carol Lyons

A Cautionary Note

The foregoing provides only an overview and does not constitute legal advice. Readers are cautioned against making any decisions based on this material alone. Rather, specific legal advice should be obtained.

© McMillan LLP 2015

Insights (5 Posts)View More

Featured Insight

Client Alert – Certain Canadian Corporations May Be Subject to US Corporate Transparency Act Reporting Requirements

Certain Canadian Corporations Conducting Business in the United States May Be Subject to US Corporate Transparency Act Reporting Requirements

Read More
Nov 29, 2023
Featured Insight

Could it be True? Canada to Introduce Open Banking Legislation

On November 21, 2023, the Government of Canada released its 2023 Fall Economic Statement. The Economic Statement announced the federal government's intention.

Read More
Nov 29, 2023
Featured Insight

Net Zero Plans Deserve Closer Attention Than They Are Getting

This bulletin provides guidance for companies on practices around net zero plans

Read More
Nov 29, 2023
Featured Insight

Necessary Guidance: Ontario Capital Markets Tribunal Provides Key Insights on the ‘Necessary Course of Business’ Exception in Kraft (Re)

The first application of the "necessary course of business" defense to tipping, Kraft (Re) offers key insights when handling material non-public information.

Read More
Nov 29, 2023
Featured Insight

Corporate Counsel CPD Webinar | Inclusion By Design – Using Behavioral Insights to Build Inclusive Organizations

This engaging and informative session will introduce new behaviorally informed strategies, and explore the concept of “nudges”, gentle interventions that guide individuals toward a desired choice or action, and “sludge”, hidden frictions in systems that impede progress toward a desired goal. Participants will learn specific strategies for applying behavioral insights to increase DEIB across their organization.

Details
Wednesday, December 6, 2023