September 30, 2015 by Angela Stelmakowich, Editor
Companies in Canada are warming to cyber insurance – with more and more organizations expected to obtain coverage over the next few years – but they still need to ensure their exposure ducks are all in a row.
“You have to consider cyber liability exposure, even if you choose not to risk transfer and purchase insurance for that,” Lynn Oldfield, president and CEO of AIG Canada, said Tuesday during a panel discussion at RIMS Canada Conference 2015 in Quebec City.
“You absolutely have to go through the due diligence process for your firm,” Oldfield emphasized, suggesting that just completing the evaluation process brings with it value and information.
That information will likely prove of use should an organization decide to move forward with purchasing coverage.
“AIG will not always offer you insurance and that should be a huge red flag,” Oldfield (pictured, right) pointed out. She noted that her company, for example, may invest a day on the phone with a technologist reviewing everything with a prospective buyer, but then respectfully decline to offer a quotation. “I would say that then becomes your number one operational risk, credit risk, market risk and reputational risk.”
Regardless of business size or sector, whether for profit or non-profit, she noted it must be acknowledged that cyber risk is now part of the landscape.
Robert Dunn, chairman and managing principal of Integro Canada Ltd. (pictured left), would agree. Dunn told attendees that his company is seeing a bit of cyber insurance coverage being purchased, but it is also “making an awful lot of presentations. People are becoming more aware of what’s happening.”
His prediction? “I would say that over the next two or three years, we probably will get 75% of the people buying coverage. It’s just becoming a lot more common,” he said, adding that more carriers are offering some sort of cyber policy.
Having a wider choice means “it’s becoming maybe cheaper to buy also. We get better comprehension. And the clients are also better protected today than they were five, six or 10 years ago,” Dunn said.
It is an evolution, but people need to understand the potential impact of cyber events and take steps to address related risks. “Whether a small or a big organization, it can be disastrous to your organization, not just from a financial point of view, but also from a reputational point of view,” he emphasized.
Ten, even five, years ago, risk managers may have gone to their IT departments and asked whether or not cyber insurance should be part of the mix, Oldfield relayed. In general, the IT response was that the department had things covered.
“We kind of listened because they had a subject matter expertise that we didn’t. All that’s off the table,” she emphasized, telling the room full of risk managers that now “the IT guys should be coming to you.”
Oldfield suggested that “cyber is the greatest exposure, in my mind,” adding she expects it to grow in leaps and bounds. At AIG, “we’re having a claim reported on 50% of the policies that were purchased in Canada,” she reported.
“I would encourage you to go through the (application) process,” which may be long and involved, but is certainly well worth the effort, Oldfield said.
Rick Roberts, RIMS president and director of risk management and employee benefits for Ensign-Bickford Industries (pictured right), said going through the process of reviewing possible cyber threats is very important since this sort of review helps identify any gaps. That information then allows an organization to determine what to then do in response, Roberts suggested.
More coverage of the 2015 RIMS Canada Conference