Bolster Cyber Security Measures and Minimize Fallout for Data Breaches

Technology has put businesses around the world in cyber criminals’ crosshairs. This means that it’s not a matter of if your company will sustain a breach, but when.

Statistics Canada reported that 21% of Canadian businesses were impacted by cyber security incidents in 2019. Large businesses (250 or more employees) were hit hardest, with 43% of them impacted. Small and medium-sized companies were also affected, with 29% and 18% of them, respectively, facing cyberattacks. Additionally, 3 in 10 organizations have seen a spike in the volume of attacks during the pandemic.

The 2020 Cost of a Data Breach Study by Ponemon found that the global average cost of a breach was $3.86 million. In Canada, the average cost of a data breach was $6.75 million per incident, according to a 2021 report by IBM Security. But the harmful effects of a breach extend well beyond financial costs. Consider the hit your reputation will take if your business sustains a privacy breach, your customers’ personal information is leaked, and you don’t respond appropriately.

Create your cyber risk plan

With an inevitable data breach looming, you can take measures to minimize the fallout and your liability exposure. It starts with prevention, cyber insurance and an incident response plan. Specifically, the plan should list the resources your company needs to respond, the steps to mitigate the breach, who should be alerted and what actions to take.

To create your incident plan, the Canadian Centre for Cyber Security recommends assembling a team of IT security experts well before the first breach incident. Your security team should identify and fix any possible vulnerabilities right away.

Plan for a data breach

If your business experiences a data breach:


  • Stop additional data loss by taking equipment offline and replacing passwords and logins.
  • Reassess your vulnerabilities to mitigate any further breaches.
  • Consult with a lawyer who has extensive experience in privacy and data security. They will be able to describe any culpability you may have as a result of the breach.
  • Notify the police department of the potential risk of identity theft.
  • It’s important to communicate the breach to everyone involved quickly. Alert your employees, partners, customers and investors that a breach has occurred.
  • Reassure them that you’re taking the necessary steps to remediate. You’ll probably have to pay for credit monitoring for all of the affected account holders. Be transparent about the nature of the breach, how it happened and what information was taken. Offer tips about how they should respond.
  • Consider a public relations firm that specializes in crisis communications. This type of firm can craft a message and make sure it is consistent and accurate.
  • Consider designating a point person to release information about the breach. You may want to post news of the breach on your website or through a press release.
  • A privacy breach may expose account information like credit card or bank account numbers. In this case, notify the bank or financial company of the breach so they can monitor the affected accounts for fraudulent activity.
  • If hackers stole social insurance numbers, alert the major credit bureaus.
  • If you have cyber liability insurance, contact your insurance company as soon as possible. Liability from third-party claims will be covered under a cyber insurance policy, sparing you legal fees and damages that may occur as a result of the breach. Many insurance companies will help you with most of the above (public response, lawyers and other details).

Minimize your risk exposure

Of course, you can minimize the possibility of a privacy breach by following a few best practices.

  • Enlist a cybersecurity specialist. They can educate you and your employees about how to keep security top of mind.

  • Keep security patches up to date. Many vendors send out security patches regularly, and it’s not always easy to stay on top of them. Automating your patch management programs can help.

  • Train all employees on how to file and store data and how to avoid malware and viruses. Many data breaches happen because hackers trick employees.

  • Consider limiting access to vulnerable websites.

  • Ensure passwords are complex enough so hackers can’t guess them. Require your employees to use passwords that include a mix of numbers, letters and symbols.

  • Create a cybersecurity policy.

  • Beef up network security on Wi-Fi and smart devices.

  • Consider cyber liability (or data breach) insurance. One of the perks that many cyber policies offer is breach response assistance and a duty to defend in a lawsuit.

Reach out to your insurance broker about cyber

Cybercrime is unavoidable in today’s always-on digital world. Chances are, if you haven’t already been victimized, you will someday soon. Be vigilant in protecting your own personal information as well as that of your customers, partners and employees. Enact strong security policies to mitigate vulnerabilities and create a clear plan of action to detect and remediate a privacy breach.

Your insurance broker is also a great resource to discuss how to protect your business through cyber liability insurance before a breach occurs.