Cyberbullying Insurance Now Available to Chubb’s Canadian Homeowners Customers

Cyberbullying Insurance Now Available to Chubb’s Canadian Homeowners Customers

Press Release:

Chubb has added cyberbullying coverage to its Canadian Masterpiece® Family ProtectionSM policy to help cover clients and their families from the expenses associated with a cyberbullying incident.

“Technology is an integral part of our daily lives. It connects us and facilitates communication,” said Paul Johnstone, Senior Vice President, Chubb Personal Risk Services Canada. “But technology can also be a gateway to risk. Cyberbullying, including online threats and harassment, can create reputational damage and cause financial loss and emotional harm. Chubb’s new cyberbullying coverage can help protect the people who are most important to you.”

Cyberbullying coverage provides up to $60,000 in compensation to clients and family members for expenses related to harassment and intimidation committed via personal computers, telephones or mobile devices. Clients may recover costs incurred when cyberbullying results in wrongful termination, false arrest, wrongful discipline in an educational institution, or diagnosed debilitating shock, mental anguish or mental injury leading to the inability of the client or a family member to attend school or work for more than a week. The coverage provides compensation for psychiatric services, rest and recuperation expenses, lost salary, temporary relocation services, education expenses, professional public relations services, and cyber security consultants.

Cyberbullying coverage is available to all Canadian Masterpiece® homeowners customers who purchase a Family Protection policy. Chubb’s Masterpiece® Family ProtectionSM policy includes an array of coverages to help families recover and protect themselves from perils including stalking threats, carjacking, home invasion, air rage, hijacking and child abduction.

Coverage is subject to the language of the policies as issued.

About Chubb

Chubb is the world’s largest publicly traded property and casualty insurance company. With operations in 54 countries, Chubb provides commercial and personal property and casualty insurance, personal accident and supplemental health insurance, reinsurance and life insurance to a diverse group of clients. The company is distinguished by its extensive product and service offerings, broad distribution capabilities, exceptional financial strength, underwriting excellence, superior claims handling expertise and local operations globally. Parent company Chubb Limited is listed on the New York Stock Exchange (NYSE: CB) and is a component of the S&P 500 index. Chubb maintains executive offices in Zurich, New York, London and other locations, and employs approximately 31,000 people worldwide. Additional information can be found at:


Cyber insurance business booming alongside hacks, but are the risks covered?

Barbara Shecter | Financial Post

That basic yet key ingredient is all but missing in the growing business of cyber insurance, in which business is booming as the list of hacking incidents from Target to Ashley Madison grows. Add to the mix the ever-changing nature of hacks and different levels of security sophistication among companies, and the challenges mount alongside the opportunities.

“There are many unknowns,” said Nick Galletto, cyber risk services leader for the Americas at Deloitte.

Hacks such as the one that hit adultery website Ashley Madison can give an idea of the cost of the fallout of such an event. But that doesn’t come close to providing the depth of data insurers use to create and measure the underwriting standards when they sell protection against house fires, break-ins and car accidents.

Paul Schiavone, regional head of financial lines in North America at the corporate and specialty division of Allianz Group, said the global insurer is writing cyber insurance policies and is excited about the new line of business.

But he acknowledges the relative lack of data makes it difficult to know if the policies are properly calibrated to the risk when it comes to cyber insurance. “It’s difficult for the insurance industry to even price it,” Schiavone said in an interview.

Still, despite the unknowns, companies including his are anxious to be in the game.

“It’s exciting — that doesn’t happen often in insurance,” Schiavone said.

Terri Mason, who heads up Allianz’s professional indemnity and cyber risk business in Canada, said all insurance underwriting is a blend of science, based on actuarial experience, and art, based on assessing less tangible risk-worthiness. But in cyber insurance, it’s “a little bit more of an art at this point because it is so new and we don’t have that historical data that we do in other types of insurance coverage,” she said.

As a result, insurers will generally charge higher deductibles than they would be for other forms of corporate insurance, so the insurer to offset the risk something unanticipated is lurking.

“I think the cyber market will … look quite different in five or 10 years,” she said, comparing it to the early days of widespread insurance for corporate directors and officers insurance, which gained popularity a couple of decades ago. “Right now we’re all still sort of finding our way and learning as we go.”

Cyber insurance dates back to “Y2K” when it was believed the turn of the century might wreak havoc on computer systems and data storage around the world. But those who track the industry said it has grown substantially in the past couple of years along with the list of corporate and government hacks siphoning off private information to disrupt business or extract financial gain.

For now, many insurance policies primarily cover the costs of business interruption, data destruction, and extortion in cases where malware known as “ransomware” freezes workers out of their own company’s systems unless the company pays the hacker.

But coverage is expanding, with some policies now including extra protection for events such as a regulatory claim stemming from data loss or a breach of standards, according to a recent report from Allianz.

Insurers may also cover breaches related to technology belonging to a third party, but this is limited because of the potential accumulation of risk borne by the insurer, and it would only be offered after a detailed risk analysis, often conducted by a third party, the report said.

Deloitte’s Galletto said headline-making breaches at such companies as Sony, Home Depot, and JP Morgan Chase are masking a more serious and potentially more costly form of cyber attack that is just coming to light, bringing with it greater challenges for both companies and their insurers.

Known in the industry as advanced persistent threats, or APTs, these insidious breaches actually dwarf the headline-makers, Galletto said.

“Most organizations are completely unaware that APTs are present in their environments and potentially siphoning their critical data,” he said. He described the tactics as “low and slow” and therefore difficult to detect using traditional methods.

In one case, he said, a company was outbid in the late stages of a planned acquisition because an APT hack had slowly siphoned off key information to a competitor, undetected.

“The crisis management response required to investigate, contain, eradicate, and recover from an APT is significantly greater than a disruption of service or loss of equipment,” said Galletto.

“This makes it difficult for organizations and insurance companies to know how to plan ahead and how to cover costs that they could never predict.”

Companies turn to cyber insurance after Ashley Madison and other high profile hacks

In the wake of the Ashley Madison hack and other high-profile data breaches, Canadian companies are turning to so-called cyber insurance to protect themselves from the fallout of data leaks.

In July, adultery website Ashley Madison made headlines after hackers broke in to the company’s network and leaked customers’ personal information, including their messages to other members and sensitive financial data.

The ensuing class-action lawsuit – and founder and CEO Noel Biderman’s decision to step down in late August – were the latest in a series of incidents that experts say represent a wake-up call for executives about the real-world consequences of digital vulnerabilities.

Duncan Stewart, director of technology research at Deloitte, said the past year has seen a surge in awareness about cyberattacks, and companies are turning to insurers to prepare for what seems an inevitability in an increasingly interconnected world.

“The number of attacks are rising, the severity is rising, and when they come, they’re more difficult to deal with,” he said.

There is no legal requirement for companies to report a hack in Canada, making the true number difficult to determine, but security company Websense said in August 2014 that 36 per cent of Canadian businesses had observed a breach in their IT security last 12 months.

In a KPMG survey of Canadian property insurance executives, data security even beat out unexpected catastrophic events as the third-biggest risk facing Canadian companies in 2015 after regulatory burdens and low interest rates.

Stewart compared significant breaches like the Ashley Madison hack to automobile collisions that result in a total write-off, yet he said companies also require coverage for the small attacks and fender-benders of cybersecurity that happen far more often.

Insurance against cyberattacks is now just a part of the cost of doing business, he said.

“You wouldn’t have a factory and not have fire insurance, so why would you think about not having cyber insurance?”

Technology analyst Carmi Levy said in an email that insurance providers are stepping in to meet the needs of companies as they find themselves handling more and more data on behalf of their clients and suppliers.

“In the process, they are increasingly liable for what happens when hackers manage to break in and snag some of that data,” he said.

Insurance expert Paul Kovacs, president and CEO of the industry-funded oversight body PACICC, said insurance companies are expanding their offerings to provide more than just compensation and protection from liability in the event of a cyberattack.

“When this happens, you are going to need professional help with communications, with forensic investigation, with restoring your systems and putting the protections back in,” he said.

Kovacs pointed to the example of Sovereign General, part of the Co-Operators Group, which offers coverage for privacy breaches, business interruptions, extortion, and data recovery stemming from a cyberattack, as well as crisis management services.

He said companies and organizations used to dealing in sensitive information, such as hospitals and financial institutions, were among the first to become targets and have developed comprehensive cybersecurity policies.

Yet what used to be a concern just for the obvious targets is now a business risk for almost everyone, he said, and it’s not just customer data that’s at risk.

In July, security company Symantec issued a report detailing the “Butterfly” hacking group that it said is responsible for at least 40 attacks since 2012 meant to steal trade secrets and industrial data in order to sell it to the highest bidder.

Kovacs said industrial espionage is spreading out from the large companies that have long been in the crosshairs as hackers become more sophisticated.

“Now, they’re still going after the big companies but they’re going after the mid-size companies and even some relatively small companies,” he said. “The threat is spreading.”


Marsh: More German firms turning to cyber insurance


Reporting by Jonathan Gould and Andreas Kroener, editing by William Hardy

The rising number of hacking attacks is prompting more companies in Germany to seek cyber insurance protection, insurance broker Marsh said on Tuesday.

While cyber premiums in Germany are expected to be worth only around $10 million this year – compared with $2 billion in the United States – the German market is expected to grow by 30 percent per year in the future, Marsh estimated.

“We are seeing a wave of enquiries that will lead to many more contracts in the coming months,” the head of Marsh’s German business Georg Braeuchle told a news briefing.

Many insurers see cyber as a key growth area at a time when premiums in other types of insurance are under pressure due to chronic over supply of insurance availability.

However, insurers are also advancing cautiously and will not cover all the losses a company could face from a cyber attack.

Marsh has brokered 46 contracts so far this year in Germany, compared with 20 in all of 2014, with industrial espionage and hacking attacks – such as one that forced the German parliament to switch off its entire computer system – helping to raise awareness.

“People are more conscious of the vulnerability of their own IT departments,” Braeuchle said, pointing out that interest was coming not just from online companies but also manufacturers, banks and health care providers.

Around 15 insurers are active in the German market, including Allianz, Axa, Hiscox, Ace , AIG, Talanx, Munich Re, XL Catlin and Zurich, allowing individual clients to take out up to 500 million euros ($562 million)in cyber risk cover.

Cyber insurance is still finding its feet in Germany, with buyers and sellers working to get to grips with pricing and risk, but at least one damage claim of nearly 100,000 euros has been paid already in a telephone hacking incident, Marsh said, without giving details.

Credit rating agency Standard & Poor’s on Tuesday said it would not look favourably on banks that relied solely on cyber insurance as protection against hacking.

“We view weak cyber security as an emerging threat that has the potential to pose a higher risk to financial firms in the future, and possibly result in downgrades,” Standard & Poor’s said. ($1 = 0.8897 euros)

Cyber-insurance: What you need to know?

By Roland Hung | Canadian tech law blog

A question that I often get from clients is one about cyber-insurance. In light of the recent passing of Bill S-4, better known as the Digital Privacy Act, the Personal Information Protection and Electronic Act (“PIPEDA”) has now been amended to include mandatory breach notification provisions. While these mandatory breach notification provisions are not yet in force, it is a good time to review your cyber-insurance coverage.

As data breach incidents continue to rise, and legislative regimes provide more and more stringent regulation of data breaches, including the proliferation of mandatory breach notification provisions, the expense associated with data breaches also rises. Estimated costs of dealing with a data breach, even to resolve a potential attack, or an attempted breach, have been as high as $600 000. Costs can be incurred as a result of forensic and investigative activities, assessment and audit services, crisis team management, and the necessary internal and external communications. As these incidents increase in number, scope, and impact, organizations are looking to transfer the risk associated with informational security breaches.

The most common way of transferring risk is by obtaining insurance policies: if the risk is insurable, the risk is transferable. Cyber and privacy insurance has been available on the market for the last decade, covering organizations’ liability for a data breach in which the organization’s or customers’ information is lost or stolen. Marsh Inc., a global insurance broker, said that the number of organizations that purchased cyber insurance in the US increased by 33% from 2011 to 2012, and that cyber insurance is currently the fastest growing area of commercial insurance in the world. Policies vary, with cyber insurance offered as an add-on or included in more generally policies, or sold as a distinct product. Marsh Inc. also noted that the lesser growth of cyber insurance in Canada compared to the US is likely due to the higher number of mandatory breach reporting regimes in the US.


An important preliminary note on cyber insurance is that cyber insurance is often confused with technology errors and omissions insurance (commonly called “Tech E&O” insurance). Tech E&O insurance protectsproviders of technology services or products, such as software designers and manufacturers, whereas cyber insurance protects consumers of those products and services.

Generally, cyber insurance is divided into first party coverage protecting the policyholder, and third party coverage protecting from third party claims against the policyholder. First party policies may cover:

(a) The costs associated with determining the scope of the breach and taking steps to stop the breach;

(b) The costs of providing notice to individuals whose identifying information was compromised;

(c)  Public relations services to counteract the negative publicity that can be associated with a data investigation;

(d)  The costs of responding to government investigations;

(e)   The costs of replacing damaged hardware or software;

(f)    The costs of responding to parties vandalizing the company’s electronic data; and

(g)    Business interruption costs.

Third party policies may cover:

(a)   Liability for permitting access to identifying information of customers;

(b)   Transmitting a computer virus or malware to a third-party customer or business partner;

(c)    Failing to notify a third party of their rights under the relevant regulations in the event of a security breach; and

(d)    Potential “advertising injury,” i.e., harms through the use of electronic media, such as unauthorized use or infringement of copyrighted material, as well as libel, slander, and defamation claims.

Cyber insurance can also cover specifically the crisis stage of a data breach. This could include any expenses related to the management of the incident, such as investigation, remedial steps, required notifications, call and public relations management, credit checks for the subjects of the data, and any legal costs including fines or the costs of running a suit.

Limitations of Coverage: Relevant Considerations

It is important to determine the extent to which your organization’s cyber insurance policy will protect against liability for breaches. Because all insurance policy coverage is dependent on the particular terms and conditions in the policy at issue, organizations looking to obtain cyber insurance should consider a number of questions, including those detailed below. In general, organizations should ensure that their response plan to a potential or actual breach is consistent with their insurance policy.

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from ILSTV

You have Successfully Subscribed!

Pin It on Pinterest