58 LEXPERT MAGAZINE
|
SEPTEMBER 2017
| IN-HOUSE ADVISOR: CYBERSECURITY |
Although Canada, once again, was vir-
tually unscathed by an international attack,
it nevertheless "caught the attention of the
boards of directors," says Matthew Liben, a
partner in the Montréal office of Stikeman
Elliott LLP. And there was no doubt that a
similar response reverberated through the
upper echelons of governments at all levels
in the country.
Among the questions raised in the na-
tion's C-suites was one that, until recently,
had rarely been discussed: do we need cyber
and ransomware insurance to help protect
us if we become the next victim? "e issue
is more of a when, not an if," says Ira Nish-
isato, a partner at Borden Ladner Gervais
LLP. "Attacks on networks and systems are
a daily occurrence for many organizations.
ey range from fairly low-level attacks to
increasingly sophisticated ones that present
potentially serious consequences. I think
it's fair to say, clients in Canada are increas-
ingly aware that no one is immune."
Faced with that chilling reality, an in-
creasing number of Canadian organiza-
tions and governments are purchasing in-
surance to cover or mitigate losses caused
by a breach. "Globally, [cyber insurance]
has been increasing at double-digit rates,"
says Imran Ahmad, a partner at Miller
omson LLP, who specializes in cyberse-
curity. "In Canada, it's been less than stellar
in the recent past, but it has picked up sig-
nificantly. We're having more and more cli-
ents ask about it because the coverage can
be so critical to their business operations."
Canada is "still a nascent market, in my
experience" for cyber insurance, says Dean
Dolan, who focuses on information gover-
nance and privacy in the Toronto office of
Baker & McKenzie LLP. "e vast major-
ity of organizations do not [have it] and the
insurance industry in Canada is having a
tough time pricing it."
Although there is a greater awareness of
the need for cyber insurance in the US —
the number of attacks and the numerous
class-action lawsuits resulting from breach-
es see to that — the market for such insur-
ance "is not as mature as you might hope,"
says Brian Hengesbaugh, chair of Baker
& McKenzie's Global IT/C Data Security
Steering Committee in Chicago. "Over
time it will become something that, as a
board, you want to make sure you have, just
in case. But I think it's still the early days."
e City of Mississauga has cyber and
ransomware insurance, says City Solicitor
Mary Ellen Bench, who is President of the
International Municipal Lawyers Asso-
ciation. It also has a proactive approach to
protecting the city's data, which includes
everything from health-care information
obtained from sporting permits to finan-
cial details provided by vendors and local
businesses. Protecting against voter fraud is
also a priority. "We've not had any signifi-
cant breaches, but we've had a couple of dif-
ferent threats that our IT people have been
quick to shut down fairly quickly."
Although she agrees this kind of insur-
ance can be "hard to price … and can have
a big deductible, I would not classify it as
extremely expensive." In fact, says Greg
Eskins, National Cyber Practice Leader in
the Toronto office of Marsh, the interna-
tional insurance firm, pricing is becoming
VANESSA COITEUX
>
STIKEMAN ELLIOTT LLP
In the last two years,
more and more companies
are asking us about the
process. They're asking
about premiums and making
assessments about how
they're covered in their
current insurance policies,
what they need to cover
and their risk profile.
ILLUSTRATION
BY
GARY
NEILL
