Cybercrimes are an increasing concern in our digital, interconnected society. Even brick-and-mortar businesses use online databases, tools, or software to streamline operations and deliver a better customer experience. For fully online businesses, the risk of cyber fraud is even greater.

Media coverage tends to highlight high-profile breaches with multi-million-dollar enterprise losses, but the risk for small businesses is just as high. In fact, Symantec’s 2016 Internet Security Threat Report found that 43% of all cyber-attacks were targeted against small businesses!

Even with dedicated cyber-defense teams and tools, criminals are finding new inroads to continually exploit businesses. According to the Cost of Data Breach report in 2019, the average global cost for a data breach is $3.92 million. In recent years, companies have focused their efforts on building up virtual defenses and creating anti-theft digital security, but that’s only half of the equation.

Cyber insurance coverage is a growing industry, and insurance companies are working to help businesses cope with the new challenge of cyber-threats. Initially, cyber policies only covered the most basic third-party losses, including network security liability, unauthorized data access, and failure to prevent malicious code. However, the impacts and risks of cyber-crime vary widely, so insurance companies are stepping in to provide more options.

If your company is targeted by hackers or a phishing scheme, you will likely lose so much more than just raw data:

  • How will your brand’s public perception suffer?
  • Will you lose time and resources with business interruption during the cyber cleanup?
  • Are you willing to pay cyber-extortion fees to a hacker in order to regain control?
  • Can a client sue you for damages if their information is stolen from your database?


Cyber insurance policies are complex with a wide variety of coverage options and service extensions. As you begin the search for appropriate coverage, here are just a few of the decisions that you need to make in order to protect your business’ digital assets:

  1. Stand-alone or extensions? A stand-alone policy may be more comprehensive with a specialized insurance provider.
  2. How high are deductibles? Weigh the trade-off between upfront affordability and high incident deductibles.
  3. General or targeted attacks? Look for a policy that will cover any attack that you fall victim to, not only those that target your business directly.
  4. E&O overlap? Some E&O insurance and cyber policies include similar coverage, like non-malicious employee actions.
  5. Does it cover social engineering? Fraudulent instructions and phishing are very different than a standard data breach, and so is the coverage.
  6. Third-party or first-party? If you store confidential information for clients, you also carry potential liability in a data breach.
  7. How long is the reporting period? Many phishing attacks happen over the course of months or years, so rigid short-term timelines could be limiting.
  8. Business interruption coverage? First-party interruption coverage can bridge the gap after expenses and lost time or revenue.

As an independent insurance agency, we don’t believe in a ‘one size fits all’ approach. If you’d like more information about cyber insurance and how it can help protect your business, feel free to contact Steve Zambrano at Zavano Insurance Services.



Steve Zambrano

Managing partner


Commercial | Personal | Life | Group Benefits | Bonding

100 Drumlin Circle, Suite 101 | Concord, ON | L4K 3E5
Direct: 905-660-8277 Main: 905-660-9740 x ext | Fax: 1-855-357-5814

