In recent years (and arguably even months), we have seen a rise in high-profile data breaches and ransomware attacks, from the WannaCry and Petya ransomware to the data breach of Equifax. These types of data breaches can happen not only to the largest corporations, but also to local public bodies and small businesses and operations (e.g. the University of Calgary, which paid a $20,000 ransom to unlock its email and servers).
So how does an organization or public body protect itself? Is cyber insurance the easy solution?
Such insurance policies are being offered by most, if not all, major insurance companies. They can cover an organization for potential business losses and business interruption, ransomware payouts, forensic investigations, and even damages of affected individuals.
Whether your organization will be the subject of a data breach is not a matter of if, but more likely when. Despite this, cyber insurance might still be a want for most organizations, rather than a need. And just like any insurance policy, it does not necessarily protect an organization from all risks and potential liabilities or issues.
It is important that an organization also consider what practices and policies it has in place to protect its data and information in the first place. For example, how is data backed up, where is data stored (onsite or in the cloud), and how often is data backed up? The answers to these questions can be just as important as (if not more important than) what type of insurance coverage, and how much coverage, your organization should obtain in its cyber insurance policy.
Among the questions raised in the nation’s C-suites was one that, until recently, had rarely been discussed: do we need cyber and ransomware insurance to help protect us if we become the next victim?