TORONTO (December 3, 2018) – Fewer than half of small and medium-sized business owners rate cybersecurity as an important priority, but the risk of cyberattack can be just as significant for SMEs as it is for large corporations, according to the 2018 Canadian SME Insurance Report from Aon, a leading global professional services firm providing a broad range of risk, retirement and health solutions. Released today, the Aon report also found that changes to Canadian and international privacy laws expose SMEs to potentially higher compliance costs and significant liabilities in the event of a data breach.
“It’s easy for SMEs to fall into the trap of thinking they are small enough to fly under the radar of cyber criminals, but this report makes the case that size – or lack of it – is no protection from attacks,” says Rohan Dixon, Executive Vice-President, Chief Broking Officer, Aon. “In fact, many SMEs fail to place a high enough priority on keeping data safe, and that can make them even more attractive targets for malicious attacks and data theft or even human errors. For a business segment that comprises such an important part of the Canadian economy, it’s imperative for SMEs to start paying serious attention to data security.”
“The need for action is all the more pressing because of changes to Canadian privacy laws,” added Dixon. “The new rules could expose SMEs not only to high compliance costs, but also to penalties and potential litigation that could cripple their businesses. It’s time for every company, of every size, to know the dangers and consider solutions that can help mitigate the risks.”
- Cyber risk is one of the biggest concerns for large corporations, but research suggests that fewer than half of Canadian SMEs consider data security an important issue.
- As attacks proliferate, Canadian SMEs that are not taking sufficient steps towards risk mitigation are becoming easy “soft” targets for cyber criminals.
- Canada’s new mandatory privacy breach reporting regulations, which came into effect on Nov. 1, 2018, affect companies of all sizes and make cyber risk mitigation a “whole of business” issue, not just an IT security concern. The new rules raise the potential for increased fines and penalties, on top of the costs of responding to and remediating a data breach.
- Generic insurance policies (such as property, general liability, directors and officers and others) typically do not provide sufficient protection for the many direct and indirect costs that can arise from a cyber breach.
- Given the evolving risk and regulatory environment, SME owners and operator should make addressing cyber risk a top priority.
- Aon Cyber Link is a state-of-the-market cyber policy that matches the risk profile of most SMEs, offering an optimum balance between coverage, premiums and deductibles, while also including an easy access to industry-leading breach response services.