3 misconceptions about cyber insurance coverage

Repeated green lock image on black background with one red lock
2 minute read  

You’ve no doubt heard or read a story about the impact of a cyber breach on a healthcare lab testing firm, large multi-national corporation, government, or charity that has resulted in tens of millions of clients, citizens, or donors being affected. In fact, ransomware attacks – one of the costliest forms of cyber attacks – have skyrocketed in 2021, increasing across the globe by 151 per cent. The Sophos State of Ransomware Report 2021 found that 39 per cent of Canadian businesses had suffered a ransomware hit the prior year, and 65 per cent of them anticipated being subject to a ransomware attack in the future.

Despite these numbers and these types of high profile cases, some businesses are still unclear as to whether or not they’re actually covered for this type of risk or simply feel that cyber insurance coverage is not something they need.

With that in mind, we’d like to help clear up some of the misconceptions that are out there about cyber insurance coverage.

“I’m already covered for cyber risk exposures with my general liability policy.”

This is a common misconception among companies. Many business owners assume their current insurance policy covers cyber, but it generally does not. Data isn’t considered a tangible property so it’s excluded under a property policy. Damages arising out of loss or corruption of electronic data, loss of income resulting from a computer virus or malware or DDoS, and certain expenses like extortion expenses may not be covered under traditional liability or property policies. Having cyber risk and data breach coverage will go a long way if your business is impacted by a cyber breach.

“We’re not a mega-corporation, so we don’t need cyber insurance coverage.”

Cyber insurance is more than coverage against hackers – it covers human error and losses caused by employees. There’s a common misconception that cyber criminals are only interested in targeting large corporations, but that’s not necessarily the case. Smaller companies can be easier to hack because they lack the resources and protective barriers of larger ones. They’re even targeted sometimes as a point of entry to gain access to more sizable vendors or customers. No matter what industry you’re in, if you provide services in a digital capacity, rely on a computer for your business, or collect any type of customer data or financial records (both digital or physical copies), cyber risk and data breach coverage should be part of your business insurance policy.

“I’m sure I can manage on my own without having to get special insurance coverage.”

Ask yourself: Do you have an incident response plan, disaster recovery plan, and a business continuity plan? A lot of businesses don’t. The untold impact of a data breach is the reputational damage it can cause to the company itself. If a privacy incident is not properly handled, it can be devastating to the survival of the company. Your cyber risk insurance may be able to help with expenses associated with managing a hack, such as incident response expenses, data recovery expenses, public relations services, and loss of business income.

Ensure you’re covered

You’ve worked hard to build your business, which is why ensuring it’s adequately protected is so important. If you’re still not sure about cyber risk coverage, visit our cyber risk and data breach coverage page today.


This blog is provided for information only and is not a substitute for professional advice. We make no representations or warranties regarding the accuracy or completeness of the information and will not be responsible for any loss arising out of reliance on the information. Terms, conditions and exclusions apply to coverage. See policy for details.