17 August 2017 07:00
At the time of the WannaCry and NotPetya attacks, cybersecurity has become the topic of the hour. Concerns are arising about the solutions the industry offers to businesses. Are they sufficient? Possibly not, answer experts of all sorts.
Two damage insurance brokers, Anne Martel, co-chair of the firm Martel & Martel, and Suzanne Brisebois, who specializes in business insurance with Lussier Dale Parizeau, say they doubt that the insurance products Canadian companies take out protect them sufficiently. Several factors explain this, they add.
First, they point to a significant lack of information about, or interest in, cybersecurity among business leaders. «Every owner, president, CEO and senior executive should be on the lookout for this problem. These people, however, have very little information about the threats or have no interest in them. We have just started to talk about it. The people involved feel it is remote from them and that they will not actually be affected. The insurance broker must speak to them about it. It is for this reason that we are adding this protection against cyber risks to all of our policies for businesses,» explains Anne Martel.
Data of high value
Ms. Brisebois notes another major issue that arises from business leaders' lack of information: the value of their data. «The intangibility of data means that entrepreneurs do not tend to count it as an asset. It has, however, great value.»
It is estimated that it costs $150 in time to redo a single folder full of data. It is for this reason that Ms. Brisebois suggests that businesses assess the value of all their data and include it in their balance sheet.
In addition, Ms. Brisebois relates that she sometimes runs up against information technology departments that are reluctant to provide access to the company's security systems to facilitate underwriting. «Some companies' IT departments offer great resistance because they want to keep their budget to protect themselves, rather than have part of it taken to obtain an insurance product. They see insurance as an expense and not as an investment in security.»
The complex costs and the long underwriting process, in which underwriters have to ask a lot of questions and enlist the help of a specialist who analyzes the information technology infrastructure, are often barriers to adequate protection. It can be difficult for a novice broker to navigate the technical nature of the product, its specific language, and exclusions that differ from one insurer to another.
«Cyber is new. Some brokers are not necessarily comfortable, since it involves a large proposal. It takes a lot of information to properly price the policy. Also, the policies are so different from one insurer to another that it can be difficult to compare two of them to see which is better.» (Editor's note: in insurance jargon, the term "cyber" is increasingly being used to refer to the cyber risk product.)
It is not measuring the usual pricing factors (assets, the scope of customers, suppliers and business partners, among others) that turns out to be the most arduous task in the process; rather, it is defining the limit of protection that poses a problem for insurance companies, says Ms. Brisebois. «The historical loss experience is incomplete because of the newness of the product. It is difficult to establish the limits of protection.»
Limits largely inadequate
Anne Martel estimates that an appropriate limit for a larger enterprise in Quebec is in the hundreds of millions of dollars. Currently, the limits offered by Canadian insurers are generally considered to be around $25,000 to $50,000.
«These amounts would cover just the operating losses of a business in Quebec that are more or less important. In 2017, we are at the dawn of a crying need. The products available to us are largely inadequate! We were told two years ago that the coverage was to be improved. This has not happened. The risk is present,» she laments.
Jean-François Gagnon, associate attorney at Langlois Lawyers, gives his legal perspective on the issue. He points out that insurance limits are a business choice. «It is necessary to think of the premium and the capacity of the market. It adds a certain complexity to the product.»
The response of insurers
To meet this demand, Intact Insurance offers its clients the option to raise the limits according to their specific needs, stresses Maude Savard-Kokinski, senior advisor, external communications at the insurer. This option reflects the evolving need for the product, she said.
«Every day, new viruses and potential vulnerabilities are emerging. As a general rule, basic products are not sufficient to fully protect the majority of companies. We are seeing more and more attacks that do not involve the theft of data or invasion of privacy, but rather the paralysis of business operations. This kind of loss calls for more specialized coverage.»
However, although the type of attack is constantly changing, the results are often the same, qualifies Patrick Cruikshank, director, professional liability at Northbridge. «Cyber is rapidly evolving. Changing attitudes towards technology and its continually growing adoption will put a certain pressure on insurance products against cyber risks to evolve as well. We must be careful not to get caught up in trends and tactics. It is necessary to keep an eye on the result of the attacks, not the means used.»
A market largely under-exploited
On the world market, the cybersecurity product has existed since the Internet became democratized, for more than 15 years, says Suzanne Brisebois of Lussier Dale Parizeau. By contrast, in Canada, the protection is only a few years old. The market there is very little exploited, she said.
To protect businesses, insurers have two approaches: a monoline policy, or an endorsement to a commercial or professional liability policy, according to the needs of the client. The first covers all cyber risks, whether extortion, threats or network security, in particular.
«The monoline policy is clearly found in the largest firms, where the data is important or which have a transactional site. At this time, they are interested in obtaining a more complete product,» says Ms. Brisebois.
Smaller companies, meanwhile, more often require an endorsement to a business or professional liability insurance policy, which does not cover everything but meets basic needs. «We see new entrants on the market. Most insurance companies will offer or prepare an insurance product against cyber risks. Everyone has launched into the market because it is a fashionable product, but few Canadian insurers actually specialize in cyber,» said Ms. Brisebois.
Return to the essence of insurance
Anne Martel of Martel & Martel argues that, in order to cover the risks, we must return to the essence of insurance. «We are at the beginning of a new era. The cyber product requires a return to the basics of insurance and the building of new products that do not exist. They themselves also have difficulty assessing the financial risk, as it is new. It is a product that will evolve over time, like all other insurance products.»
Me Jean-François Gagnon of Langlois Lawyers agrees. «In Canada and in Quebec, it is an emerging market and is clearly not mature. The products are not yet homogeneous; the Insurance Bureau of Canada (IBC) has no model form available. There are a lot of differences in the coverage offered.»
The insurers most active in the market are Allianz, Liberty and Travelers, as well as the American AIG and Chubb, notes Suzanne Brisebois. She calculates that the Canadian cybersecurity insurance market lags five to ten years behind that of the United States.
«There are several brokerage firms that write a lot of cyber policies, whereas here we count a few specialists. It must be said that our neighbours to the south are particularly vulnerable to lawsuits and class actions,» she adds.