Over the last decade, organizations have increasingly relied upon cyber insurance policies to protect themselves from the impacts of a cyber related loss. In this article we will discuss what can be covered and why it is important for web3 companies to incorporate cyber insurance into their risk management strategy.
Cyber Losses are on the rise
There has been a steady and alarming rise in the number of cyber attacks carried out on organizations around the world. In fact, cyber security experts at Check Point Research have noted that global attacks increased 28% in the third quarter of 2022 when compared to the same period in 2021. This follows a similar precedent set last year, where cyber attacks increased 50% over the year prior.
Unfortunately, Canada is not excluded from these statistics. As per a recently released StatsCan report – just under one-fifth of Canadian businesses were impacted by cyber security incidents in 2021 alone. Of those impacted, 11% claim they were hit by a ransomware attack whereby cyber criminals demand payment to regrant system access and/or prevent the release of confidential information.
The Costs of a Cyber Incident
While the cost of a breach can vary between the type of attack, industry, data and number of records affected – we can all agree that cyber incidents are expensive. In their latest cyber security report, IBM states that Canada is third in the world for the highest average cost of a data breach at USD $5.64 million.
It is easy to overlook the financial impacts associated with a cyber incident. Aside from detection and network investigative costs, organizations must take remediate actions and notify affected parties while incurring system downtime, possible reputational damage and foregone revenue. Companies must also ensure that they remain in compliance with the data privacy and incident reporting requirements across the various jurisdictions they service.
Cyber Liability Insurance for Blockchain & Web3 Organization
Insurers around the world have stepped up in response to the increased threat and financial impacts of a cyber incident. They have continually developed innovative coverages that respond and adapt to the complex techniques employed by cyber criminals around the globe. This holds especially true to the increased risks facing those organizations that operate within the web3 ecosystem.
Types of Cyber Insurance Coverage Available
Below are a few of the main cyber insurance coverages available today:
3rd Party Network & Information Security Liability
Regulatory defense and fines
PCI Fines and Assessments
Funds Transfer Liability
3rd party Property Damage & Bodily Injury
Breach Response Costs – forensic fees, notification & legal expenses
Ransomware & Cyber Extortion
Direct & Contingent Business Interruption resulting from a breach
Digital Asset Restoration
Reputational Harm & Repair
Funds Transfer Fraud & Social Engineering
Computer Replacement & Bricking
Web3 Cyber Claims Examples
Oftentimes, we find it best to illustrate how a cyber policy would respond in the event of a loss.
1. Data Breach – Sensitive Client Information
A prominent Canadian crypto exchange discovers that a hacker has gained access to their database, exposing the personal information of approximately 300,000 registered users on their platform. In this circumstance, the exchange could elect to employ breach related coverages from their cyber policy. This would cover the cost of a crisis response coach, forensic investigation and any related data restoration or network repairs. They would also want to cover the cost of required user notification, credit monitoring and any other steps required to ensure regulatory compliance.
In addition, the company may also want to claim for lost revenue as a result of any downtime. This would fall under their cyber policy's business interruption coverage. Finally, there is a lesser known coverage available under some cyber offerings known as reputational harm and repair. As the name suggests, this would cover the costs to mitigate reputational loss following a cyber breach. This may include the cost of a PR firm and media purchases along with any resultant loss of revenue stemming from reputational harm.
2. Ransomware Attack – Cyber Extortion
An NFT video game development company relies upon their computer system to store and develop their company’s digital assets. One morning they realize they are unable to access their system and that a critical component of their data has been encrypted. They then receive a message from a known hacking organization demanding they pay a ransom of 200 BTC in exchange for the decryption key.
The company would then rely upon their ransomware, cyber extortion and related coverages to protect themselves from the financial impacts of this event. This would include employing a team to evaluate and respond to the threat. Such team would be comprised of a number of parties including specialized legal counsel, crisis response and investigative firms.
If it is determined that the encrypted data is unrecoverable, the insurer would then take the necessary steps to recover the data and make the insured whole. This might include payment of the demand on the insured’s behalf. As with the above example, the insured may also claim business interruption and/or reputational losses as a result of the downtime.
Interested in a Cyber Exposure Evaluation?
Overall, cyber insurance is an essential tool for businesses that want to protect themselves against the financial, operational, legal, and reputational costs of a cyber attack or related digital threat. We understand that an organization’s exposure to cyber loss is not always back and white. Our team is available to perform a comprehensive cyber analysis on your organization and discuss what insurance solutions are available.
Please reach out to us directly at (416) 708-8201.