Penny wise, pound foolish: Necessity of getting cyber insurance

Introduction

As cybersecurity attacks and data breaches have become increasingly prominent and costly, it is essential that organizations have the proper policies and procedures to protect themselves against significant financial and reputational harm. However, these attacks and breaches cannot be eliminated entirely, even with the most robust security safeguards. Therefore, cybersecurity insurance can act as a last line of defense by protecting an organization from significant financial harm when a breach ultimately occurs. Effectively, businesses can use cybersecurity insurance as part of a holistic approach to managing cybersecurity attacks and data breaches. This article will discuss the importance of cyber insurance policies by providing an overview of the serious threats organizations commonly face today, what cybersecurity insurance is and what it offers, and the limitations of cybersecurity insurance policies.

Read more

Cyber Insurance and D&O Liability

Introduction

In the past decade, there have been several reports of cybersecurity attacks and data breaches to large corporations.1 In many cases, those affected by the breach want to hold the directors and officers accountable, as they feel the corporation failed to implement the proper security measures to prevent a breach from happening or did not effectively handle the aftermath of the breach. However, directors and officers generally enjoy limited personal liability subject to a few exceptions.2 Nevertheless, as more specific guidance emerges for directors and officers handling cybersecurity issues, the scope of this liability may widen.3 Thus, directors and officers should not take comfort in the substantial barriers that prevent them from being held liable for issues relating to the organization.

Read more

Practical Primer for Insureds and Insurers on Cyber Law

Key takeaways for the insured

Consider industry standards and best practices

  • Identify company’s legal obligations under federal and provincial privacy laws, securities laws, and policies and guidelines set out by industry regulators;
  • Develop and test an incident response plan;
  • Involve senior management, directors and officers, and legal counsel in creating the effective response plan for cybersecurity-related risks;
  • Train employees and educate staff so they are aware of their legal obligations;
  • Develop and enforce an information security policy; and
  • Participate in cybersecurity information sharing programs.

Determine your exposure

  • The most common attacks are social attacks (e.g., whaling), hacking and networking intrusions, and malware and end user attacks;
    • Social attacks are among the most common for senior business executives who have access to the company’s funds; and
    • Directors and officers may be held liable in the event of a cybersecurity attack or data breach if they failed to oversee and implement reasonable cybersecurity measures for the company, or failed to comply with any disclosure requirements after a breach occurred. 

Obtain cyber insurance coverage

  • Businesses should determine what risks are most relevant to their company and ensure they are adequately covered under their insurance policy.
Read more

Cyber law and insurance: Four part series providing an overview of the legal and risk landscape

Four corners of the Cyber legal regime

In Canada, several federal and provincial laws and regulations govern cybersecurity and data protection, each addressing a particular issue. Due to its complex nature, businesses should ensure they understand what legislation applies to them and identify what their obligations are under the applicable legislation, as failure to comply can result in significant financial and reputational harm. By understanding this governing framework, organizations can be proactive and implement the necessary procedures to ensure they properly protect their business and clients. This article will provide a brief overview of the relevant statutes, regulations and case law relating to data protection and cybersecurity.

Read more

Calculating Damages in Representations and Warranties Cases

This article is authored by Ephraim Stulberg for MDD Forensic Accountants.

Introduction

Mergers and acquisitions (“M&A”) can be a double-edged sword. When done right, M&A can allow acquirers to scale their businesses and create value through synergies. When done poorly, M&A can result in drastic overpayments for assets that are not nearly as valuable as believed and for economies of scale that are very difficult to achieve.

One of the main risks in M&A is information asymmetry: simply put, the vendor knows much more about its business than the acquirer. While the acquirer is able to perform due diligence, time pressures to close the deal mean that this process can sometimes be imperfect; issues are sometimes missed.  This is where Representations and Warranties (R&W) insurance can come into play.

Read more

Notice requirements for professional liability insurance: Trisura Guarantee Insurance Company of Canada v. Duncan, 2019 NSCA 54

On June 18, 2019, the Nova Scotia Court of Appeal released its decision in the case involving Trisura Guarantee Insurance Company of Canada (Trisura) and Duncan et al. This decision is noteworthy, as it may lessen an insured’s obligation to notify and disclose potential claims, and increase the burden of diligence on the insurer.

Facts

Trisura provided professional liability coverage to Keybase National Financial Services Inc. (Keybase) from July 2008 to July 2012. Gregory Duncan and James White (Duncan and White) were Keybase advisors during this time.

Duncan and White assumed responsibility for John Allen’s (Allen) clients. Allen was also a Keybase advisor.

Read more

Throwing an egg at someone: the hatching of a new legal test addressed in Gilbraith v Intact Insurance Company

Introduction

Many risks associated with driving a vehicle are intuitive; some are not.

Imprecision in identifying the risks of driving influences how insurers assess the value of automobile insurance. A recent Ontario Superior Court decision, Gilbraith v Intact Insurance Company, reminds insurers and insured persons how difficult it can be to properly assess and categorize risk at the outset of an insurance relationship.

This case will likely rise through appellate courts in Ontario, which provides an opportunity for the courts to clarify the risks that an auto insurance policy will reasonably cover.  

Gilbraith v Intact Insurance Company

Stephanie Gilbraith was walking along a sidewalk with a friend when a vehicle approached her from the opposite direction.

Read more