This document discusses cyber risks and cyber liability insurance. It summarizes that many major companies have experienced data breaches in recent years. It outlines common cyber risks like computer intrusions, loss of physical devices, and social media issues. It recommends basic loss control techniques and identifies what cyber liability insurance can cover, such as first and third party losses from network security breaches, privacy breaches, and internet media liability. Coverage limits start at $100,000 with premiums as low as $250.

1. Cyber Liability
Provided by: Sean Graham, Client Executive

2. 2 CMW
Agenda
• Understand the Risks
• Privacy Laws Developing
• Currently in the Courts
• Types of Risks
• Identify and Manage Risks
• Basic Loss Control Techniques
• Cyber Risk Coverage

3. 3 CMW
Understand the Risks
• Kroger Co.
• Home Depot Canada
• Best Buy Canada
• AbeBooks
• Barclays Bank
• Capital One
What do all these companies and institutions
have in common?
They have all been victims of data breach
between 2012-2014.

4. 4 CMW
Understand the Risks
• Millions of stolen records containing personal information
 Social insurance numbers
 Credit card numbers
 Bank account numbers
If your Organization handles employees or customers’
personal data, intellectual property or proprietary
corporate data, you are at risk.

5. 5 CMW
Understand the Risks
• Common assumption that smaller businesses are not
targets of cyber crime
• 40% of data breaches were small to mid-sized
businesses
(Symantec SMB Threat Awareness Poll Global Results)

6. 6 CMW
Privacy Laws Developing
• New Alberta law requires notification to government and
each person affected
• BC law on the horizon
• Cost of informing ~$10-20 per record

7. 7 CMW
Currently in the Courts
• Evans v. Scotia, 2014 ONSC2135
 Class action certified alleging employee stole 643 customer
information files, resulting in 138 cases of fraud
• Condon v. Canada, 2014 FC250
 Class action certified, alleging lost drive with 583,000 individuals
information, including name, SIN, DOB
Defense costs in such cases are often higher than the
settlements.

8. 8 CMW
Types of Risks
• Viruses
• Worms
• Trojan horses
• Logic bombs
• Denial of Service (DoS) and Distributed Denial of Service (DDoS)
• Spyware
• Data breach
• Phishing
• Spam
Computer Intrusions

9. 9 CMW
Types of Risks
• Internal sources such as disgruntled employee with knowledge of
computer systems
• External sources such as hacker looking to steal/destroy a
company’s intangible assets
Computer Intrusions

10. 10 CMW
Types of Risks
• Loss of physical devices considered cyber breaches if containing
private records/proprietary information
 Smartphones
 Laptops
 USB drives
Physical Devices

11. 11 CMW
Types of Risks
• Your company is responsible for content posted on social media
• Employee posts using your name apply
Social Media

12. 12 CMW
Identify and Manage Risks
• Identify the sensitive data you store
 Customer (financial information, contact information, purchase history,
buying habits)
 Employee (payroll files, bank information, social insurance numbers,
home addresses and phone numbers, work and personal e-mails)
 Business (financial records, marketing plans, product designs and tax
information)
Limiting Intrusions

13. 13 CMW
Identify and Manage Risks
• Identify where data is stored
 Data most at risk when on the move
• Identify who accesses your data
 Only provide access to those who require it
• Publish only appropriate information
 Company websites among first places cyber criminals look for data
Limiting Intrusions

14. 14 CMW
Basic Loss Control Techniques
• Install a firewall for your network
• Encrypt data
• Install anti-virus, anti-malware and anti-spyware software
• Implement an employee password policy
• Back up data regularly
• Develop a business continuity plan
• Develop privacy, password, internet usage, social media
policies

15. 15 CMW
Basic Loss Control Techniques
• Secure company facilities
• Minimize and safeguard printed materials with sensitive
information
 Procedures to limit quantity printed
• Dispose of trash securely
• Dispose of electronic equipment securely
• Train employees in facility security procedures

16. 16 CMW
Cyber Risk Coverage
• Data is not tangible property
• Triggered by named perils - not virus or hacking
• Requires “direct” physical loss
• Breach privacy due to hacking or other “non-publication” related
disclosure
• Damage to others’ intangible property
• Related non-advertising intellectual property infringement (except
patent or trade secret)
• Websites with editorial content (i.e. medical advice, white papers,
blogs) falling outside definition of advertisement
What’s Not Covered in CGL

17. 17 CMW
Cyber Risk Coverage
• First and third party losses resulting from:
 Network security breach i.e. computer virus downloaded or
accidentally transmitted to customer
 Privacy breach caused by misplaced laptop, hard copy file, etc.
 Internet Media Liability arising from content posted on website or
electronically elsewhere
Risks that Trigger Coverage

18. 18 CMW
Cyber Risk Coverage
• Access to data risk management services providers
• Defense costs, including forensic investigation costs
• Voluntary notification cost
• Public relations expense - repair reputation
• All reasonable and necessary expenses arising out of a credible
extortion demand
• Damage from extortion covered by other insuring agreements
• Coverage limits starting at $100,000 as low as $250 premium
Common Coverages

19. 19 CMW
Take the next step to learn more.
Contact Sean Graham, Client Executive at CMW
Insurance Ltd, to learn more and custom fit a Cyber Risk
Solution for your organization today.
Call: 604-484-3707
Email: sgraham@cmwinsurance.com
Web: www.cmwinsurance.com
Cyber Liability Insurance is inexpensive effective
coverage, with annual premiums starting as low as
$250.