Regulators to brokers: What is your cyber security plan?

What programs – if any – does your brokerage have in place to mitigate your own cyber risk? This is what your provincial regulator could be asking you, if they haven’t already.

“If the Registered Insurance Brokers of Ontario knocks on your door for their audit, they are going to be asking questions about your cyber hygiene,” said Philomena Comerford, CEO of Baird MacGregor Insurance Brokers LP & Hargraft Schofield LP, during a recent Canadian Underwriter webinar.

Speakers were asked how the COVID-19 pandemic could change the P&C industry’s cyber insurance offerings, products and coverage.

Comerford suggests more businesses will be mandated – either by regulators or contractual agreements – to have cyber insurance in place. One reason is that many cyber losses have arisen from massive events.

“We went through RIBO and we had to fill out a huge section talking about our cyber security,” Comerford said during the webinar. “They do a pre-questionnaire and I thought that was good because I thought they should be making cyber mandatory for insurance brokers, and [I] recommended that when I was on the Toronto Insurance Council board because of the amount of personally identifiable information we have. It’s immense.”

Comerford was president of what is now the Toronto Insurance Council in 2015-16.

“To have no cyber insurance is like walking outside with no clothes on,” said Comerford.

Three hundred and twenty audience members who attended the Canadian Underwriter webinar – Business Continuity in the Digital Age Part 2: How COVID-19 can infect your cybersecurity – were asked several poll questions. One asked how they thought the coronavirus pandemic would impact the cyber insurance market in the long term. The vast majority (90%) said it will cause the cyber insurance market to expand.

“This is going to give a boost to what is already a very-quickly growing market – underlying how important the need is – especially the overlap between personal cyber and cyber from a commercial standpoint and where that merges, especially for the small- to mid-sized business market,” said Eduard Goodman, global privacy officer of CyberScout, during the webinar.

Feature image via iStock.com/cnythzl