Cyber threats are a growing concern for businesses of all sizes in Canada. Many small businesses do not feel that they are a target for cyber threats, but according to Paul Gardner, Northridge Insurance Senior VP of Risk Services, “While attacks on big companies tend to make the headlines more often, small and mid-size businesses are equally prone to cyber events. While these businesses might assume that they possess less valuable data than larger organizations, even smaller businesses store sensitive employee and customer information, financial data or intellectual property that can be valuable to cyber criminals.” Here are the reasons to look at Cyber security insurance:
Protecting Business Viability: The Innovation, Science and Economic Development Canada report highlights that nearly 98 percent of all employers in Canada are small businesses. The Canadian Small Business Cybersecurity Survival Guide reveals that a significant portion of these businesses allocate 0% of their operating budget to cyber security protection. However, considering that 41% of these same businesses have experienced cyberattacks costing at least $100,000 each, that is an imperative financial incentive to invest in cyber security insurance. This insurance can provide a financial safety net against potential cyber-attack-related losses, protecting business continuity, brand reputation and trust.
Cost and Reputational Impact: Cyberattacks not only entail financial losses but impact reputation damage, loss of revenues, and employee stress-related costs. With 47% of small businesses neglecting to allocate any funds for cyber security, they risk incurring substantial costs that could have been mitigated through cyber security insurance coverage. A well-crafted cyber insurance policy can cover the financial repercussions of a cyberattack, helping businesses bounce back more effectively.
Employee Awareness and Responsibility: Studies indicate that a significant percentage of employees believe their employers are solely responsible for protecting workplace data against cyber threats. Nonetheless, it’s crucial for employees to be educated about cyber security best practices to prevent breaches. Insurance policies often come with resources for employee training. The Canadian Federation of Independent Business (CFIB) offers online courses with tips and training.
Tailored Coverage and Preparedness: Cyber security insurance not only provides financial protection but can also serve as a proactive approach to cyber threats. By purchasing such insurance, small businesses are often subjected to thorough vulnerability assessments, which can reveal weaknesses in their cyber security protocols. Addressing these vulnerabilities can lead to a more robust cyber defense strategy, reducing the likelihood of successful cyberattacks.
Steps for small businesses to get cyber safe
A great starting point is the IBC Cyber Savvy Challenge. Here, you can evaluate your current cybersecurity protocols. If your business aligns with the norm for Canadian small businesses (a C grade), it’s time to enhance your approach. By reinforcing cybersecurity from the top down, and considering cyber insurance, your small business can take meaningful steps to enhance its protection against cyber threats.
The responsibility for cybersecurity must be embraced from the highest levels of the organization. It’s not just the duty of one IT person; rather, everyone within your company should possess enough awareness to grasp the basics of terms like phishing, malware, scam emails, smishing, spearfishing, spoofing, and whaling.
In the realm of cybercrime, opportunism plays a significant role. Cybercriminals, often referred to as bad actors, exhibit a tendency to target vulnerable entities, regardless of their size.
It’s notable that a staggering 72% of employees have inadvertently exposed their workplace to cyber risks. Interestingly, 28% of respondents believe that safeguarding the workplace and its data solely rests on the shoulders of the employer. This perception aligns with the fact that cybercriminals often focus their efforts on employees, aiming to exploit their access to company data and systems.
To safeguard against becoming a target of cyber threats, employees can adhere to some key tips:
1. Passwords: Avoid saving passwords in browsers. Instead, opt for a more secure approach by using a password vault. The Government of Canada’s Cybersafe initiative recommends sound password practices.
2. Public Wi-Fi: Refrain from using public Wi-Fi networks to access work-related data. Opt for a personal hotspot on your phone or a VPN established by your IT administrator. If working from home, ensure your modem has a robust password and avoid casually sharing it.
3. Unauthorized Apps: Be cautious about downloading unauthorized apps or software onto your work computer. If you require an application for work purposes, consult your IT department (whether in-house or outsourced) to ensure its safety and compatibility with the necessary firewalls.
4. Personal Devices: Maintain a clear boundary between work and personal devices. Avoid sharing work-related information on your personal devices.
5. Sensitive Data and Emails: Never send sensitive data, emails, or passwords via email. This practice can minimize the risk of interception and unauthorized access.
6. Sharing Devices: Prevent family and friends from using your work computer to minimize potential security breaches.
For small businesses looking to bolster their cybersecurity, consider the following steps:
1. Assessment: Begin by exploring resources like the IBC Cybersavy site to evaluate your existing cyber security protocols.
2. Cultivating a Cybersecurity Culture: A strong cybersecurity culture starts from the top down.
3. Insurance and Vulnerability Testing: Investing in cyber insurance offers a twofold benefit. Apart from financial coverage, insurance providers often conduct thorough vulnerability assessments to pinpoint weaknesses within the organization’s cybersecurity.
4. Best Practices Checklist: Evaluate your organization’s cybersecurity readiness against a comprehensive checklist:
- Incident Response Plan: Ensure a well-defined emergency plan for breach scenarios.
- Software Vulnerabilities: Regularly identify and address software vulnerabilities through updates and patches.
- Password Vaults and MFA: Utilize password vaults and multi-factor authentication.
- Data Backup: Maintain data backup on a separate server to counter ransomware threats.
- Software Security: Employ software-based security measures such as firewalls.
- Cloud Security: Ensure the security of cloud-based systems if they are in use.
- Employee Training: Institute training protocols for all employees to identify cyberattacks and implement best practices.
- Mobile Device Protocol: If employees use sensitive information on mobile devices, implement a clear protocol for device management and monitoring.
In conclusion, cyber security insurance offers small businesses in Canada a proactive and comprehensive solution to safeguard their operations and finances. Given the prevalence of cyber threats, the financial impact of attacks, and the potential for reputational damage, investing in cyber security insurance is a prudent step for any small business aiming to thrive in the digital age.
Resources for Cyber Security
Chamber: Canadian Small Business Cyber Security Survival
Chamber: Survival Guide
Insurance Bureau of Canada: Cyber Security: Cyber Security Awareness Training
Insurance Bureau of Canada: Cyber Savvy Report Card
City News: Text and Email Scams on the Rise in Canada
Canadian Underwriter: Who is Putting your Clients at Risk?