Key takeaways for the insured
Consider industry standards and best practices
- Identify the company’s legal obligations under federal and provincial privacy laws, securities laws, and policies and guidelines set out by industry regulators;
- Develop and test an incident response plan;
- Involve senior management, directors and officers, and legal counsel in creating an effective response plan for cybersecurity-related risks;
- Train employees and educate staff so they are aware of their legal obligations;
- Develop and enforce an information security policy; and
- Participate in cybersecurity information sharing programs.
Determine your exposure
- The most common attacks are social attacks (e.g., whaling), hacking and network intrusions, and malware and end-user attacks;
- Social attacks are among the most common attacks against senior business executives who have access to the company’s funds; and
- Directors and officers may be held liable in the event of a cybersecurity attack or data breach if they failed to oversee and implement reasonable cybersecurity measures for the company, or failed to comply with any disclosure requirements after a breach occurred.
Obtain cyber insurance coverage
- Businesses should determine what risks are most relevant to their company and ensure they are adequately covered under their insurance policy.