At Blaney McMurtry, our clients and their policyholders regularly face the uncertainty of evolving cyber risk. While an element of chance is present in most business endeavors, cyber and electronic risks pose particular challenges as they are singularly difficult to predict and quantify. Breach by hackers was widely regarded the most significant electronic risk in Canada few years ago, before recently being supplanted in degree of concern by ransomware and denial of service attacks.
It is no longer simply the breach or attack itself which is of concern, but also the knock-on effects. Are businesses sufficiently protected against business interruption if their systems must be shut down for a few days (or more)? What if one of their key suppliers cannot operate due to a cyber event? Are they protected against such contingent business interruption? Are systems sufficiently secured and insured against physical results of cyber-attacks?
The scope of data-risk is also growing. Business now faces legal exposure arising not only out of loss of information, or access to systems. There is now growing concern relating to potential liabilities emerging from the way businesses use the personal identifiable and confidential information they have legitimately collected. Has their disclosure to their customers about what information they collect and how they intend to use such information been sufficiently transparent? Is the customer consent that they received sufficiently broad to allow them to make use of the collected data? Privacy laws in Canada are moving to reflect legal reforms elsewhere, including the GDPR. Privacy risk is expanding.
Management of these risks must now be regarded as a core business operation. Data security and privacy concerns must now be built into every facet of day to day business. This reality will only grow more clear as digitalisation of business operations increases.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.