Canadian Underwriter

One important attribute required for the sale of cyber insurance

December 4, 2017   by Greg Meckbach, Associate Editor

Print this page Share

Advising clients on cyber policies “takes a level of sophistication on the broker’s side,” New Brunswick insurance defence lawyer Ryan Burgoyne told Canadian Underwriter Friday.

“If you are putting yourself out to have specialized expertise in cyber liability insurance as a broker, brokers are going to have to be careful to make sure they understand the needs of their clients and the clients are getting the coverage they expect,” Burgoyne said Friday.

He recommended that brokers pay close scrutiny to a cyber liability application, suggesting they advise a client to seek the aid of an IT specialist before submitting an application for cyber liability to insurance providers.

Canadian courts have put a fairly high onus on brokers in all lines of insurance when determining clients’ coverage needs, as per the ruling in the Court of Appeal for Ontario’s 1977 decision in Fine’s Flowers Ltd. et. al. v. General Accident Assurance Co. of Canada et. al. (1976).

A cyber liability insurer will not write coverage unless computer security technologies such as firewalls and data backup are “already be in place,” Burgoyne, managing partner of law firm Cox & Palmer’s Fredericton office, wrote in a recent report.

Clients should make sure computer security measures are in place to obtain cyber liability coverage. Security features “may include the presence of a firewall, the presence of virus scans, assignment of a responsible person in the event of a cyber-attack, a data back-up and storage mechanism, and the adoption of a security policy,” Burgoyne wrote in A New Realm: Cyberspace, Cyber Liability and Cyber Liability Insurance. “Failure to keep security technology, mechanisms and responses up-to-date after a cyber-liability policy is obtained could result in a bar to recovery.”

Cyber liability insurance will generally cover third-party liability, including invasion of privacy claims, breach of fiduciary duty claims where there is a failure to protect a client’s personal information, libel or slander, or the infringement of intellectual property rights, Burgoyne wrote in his report, released Nov. 17, 2017.

Some cyber policies have an exclusion for “reckless conduct,” the report notes, or “failure of an Insured to continuously implement the procedures and risk controls identified in the Insured’s application for this Insurance and all related information submitted to the Insurer in conjunction with such application.”