Only about 7 per cent of small businesses – those with fewer than 50 employees – had cyber liability insurance in 2017, according to Statistics Canada.


In this day and age virtually every business relies on data and computer systems to varying degrees. When these systems experience a virus or other computer attack a business can be at risk of losing critical information that can be essential to daily operations.

With that in mind, Aon Risk Management provided a list of 10 compelling reasons why most businesses need a cyber liability policy:

  1. Cyber crime is growing exponentially – in fact it’s the fastest growing crime in the world.
  2. All businesses that hold personally identifiable data and sensitive IP are at risk.
  3. 81% of Canadians choose to do business with a company specifically because it has a good reputation for privacy practices.
  4. The human factor in cyber risk is the biggest cyber threat businesses face today.
  5. Standard commercial insurance policies do not cover you for the risks and liabilities emanating from cyber risk.
  6. You can be held legally and financially liable if third party data is compromised in a breach.
  7. Companies are grappling with new risks such as cyber-crime, and lack consensus on how to best prioritize and respond to them.
  8. Cyber liability insurance helps offset the expenses of what is essentially an unknown cost.
  9. Cyber liability insurance protects you and the sustainability of your business from potentially crippling expenses.
  10. Cyber liability insurance can provide access to specialists and other critical resources, such as IT forensics, legal counsel and credit monitoring.

As noted in the above list, cyber and privacy breach insurance helps protect your business against remediation expenses, business interruption loss and certain legal fees or defence expenses related to the breach. Remediation expenses could include notifying your customers, providing computer forensic services as well as credit and fraud monitoring for your customers.

In addition, some cyber liability and privacy breach insurance packages provide valuable services in the event of a breach including breach counselling, crisis management, notification assistance, remediation service recommendations and media relations consulting.


On November 1, 2018, mandatory breach notification came into force in Canada. It means that if you suffer any type of loss of personal information that causes a real risk of significant harm you will have to report it to the Privacy Commissioner of Canada and notify all individuals affected.

If you don’t, you are subject to fines of up to $100,000 per individual that should have been notified and was not notified.

Click here for further information on your obligation to report breaches.

Click here for further information on your reporting requirements and assessing the real risk of significant harm.

Questions or concerns? Talk to your CMR Broker today for more details or for more information about adding a cyber liability or privacy breach coverage to your commercial insurance policy.