BFL CANADA
Cyber Resilience SME
PROPOSAL FOR SERVICES Non-Binding Indication
IN PARTNERSHIP WITH
2 bflcanada.ca
Vulnerability to Cyber Risks
SMALL AND MEDIUM ENTERPRISES (SME) ARE THE MOST TARGETED BY CYBER CRIMINALS, COMPROMISING YOUR COMPANY AND YOUR ENTIRE ECOSYSTEM.
YOUR VENDORS: Data, services and personal information
YOUR COMPANY: Products, services and reputation
YOUR CLIENTS: Data, services and personal information
CYBER THREATS
Web-based attacks
Impersonation & Stolen devices
Malware, spyware, ransomware
Human error and negligence
Hackers or rogue employees
Phishing, impersonation
Reputational harms
Loss of confidence from your clients, vendors, contractors and the public.
Loss of data
Proprietary and third party, including personally identifiable information (PII).
Theft of money/funds
Social engineering and impersonation.
Can last for an extended period if you don’t have professional crisis resources.
crisis management, network and data recovery, fines and
Contractual breaches, regulatory investigations, lawsuits.
5 Reasons Why You Should Be Concerned
WHY DO CRIMINALS COMMIT CYBER CRIMES?
MONEY:
The primary motivation for cyber-crime, like other criminal activity, is often money. Stealing individuals’ information and selling it on the Dark Web can be lucrative for criminals. Over $1B is transacted annually.
HACKTIVISM:
The goal is to disrupt a political system. These hackers are sometimes called ‘‘Hacktivists’’.
ESPIONAGE:
This involves hacking-for-hire by governments and corporations, and is often focused on
Cyber Crime: 81%; Cyber Espionage: 10.3%; Cyber Warfare: 5.2%; Hacktivism: 3.4%
Source: Verizon | HackerOne | Ponemon
In 2021, businesses will fall victim to a ransomware attack every 11 seconds. Source: CyberSecurity Ventures
The average cost of a data breach on SME is over $2.2M. Source: Ponemon Institute
94% of malware is delivered by email. Source: Verizon
The average time to identify and contain a breach is 279 days. Source: Ponemon Institute
43% of cyber attacks target small businesses. Source: Ponemon Institute
BFL Cyber Resilience SME: A Comprehensive Solution
BFL CYBER RESILIENCE SME
Offers security services to protect your business, comprehensive insurance coverage and crisis management services.
COVER & PROTECT — Comprehensive Insurance Coverage
Digital asset replacement expense costs
Business income and dependent business income loss
Cyber extortion costs
Theft of funds due to social engineering event (Impersonation fraud)
Security and Privacy Liability
Media Liability
Regulatory proceedings
Payment card industry demands
Breach Costs
Reputational Harm
*May vary by insurer
Non-Binding Indication
LIMIT OPTIONS | OPTION 1 | OPTION 2 | OPTION 3 | OPTION 4 | OPTION 5
Policy Limit (each claim / event and in the annual aggregate) | $250,000 | $500,000 | $1,000,000 | $2,000,000 | $5,000,000
Coverages:
Breach Costs | Policy limit | Policy limit | Policy limit | Policy limit | Policy limit
Business Income Loss | Policy limit | Policy limit | Policy limit | Policy limit | Policy limit
Dependent Business Income Loss | Policy limit | Policy limit | Policy limit | Policy limit | Policy limit
System Failure Business Income Loss | Policy limit | Policy limit | Policy limit | Policy limit | Policy limit
System Failure Dependent Income Loss | Policy limit | Policy limit | Policy limit | Policy limit | Policy limit
Digital Asset Replacement Cost | Policy limit | Policy limit | Policy limit | Policy limit | Policy limit
Cyber Extortion | Policy limit | Policy limit | Policy limit | Policy limit | Policy limit
Reward Payment | $50,000 | $50,000 | $50,000 | $50,000 | $50,000
Reputational Damage | Policy limit | Policy limit | Policy limit | $1,000,000 | $1,000,000
Social Engineering Events:
Funds Transfer Fraud | $50,000 | $50,000 | $50,000 | $50,000 | $50,000
Theft of Funds Held in Trust | $50,000 | $50,000 | $50,000 | $50,000 | $50,000
Theft of Personal Funds | $50,000 | $50,000 | $50,000 | $50,000 | $50,000
Claim Avoidance Cost | $10,000 | $10,000 | $10,000 | $10,000 | $10,000
Liability Coverages:
Security Liability | Policy limit | Policy limit | Policy limit | Policy limit | Policy limit
Privacy Liability | Policy limit | Policy limit | Policy limit | Policy limit | Policy limit
Media Liability | Policy limit | Policy limit | Policy limit | Policy limit | Policy limit
Regulatory Proceedings | Policy limit | Policy limit | Policy limit | Policy limit | Policy limit
Payment Card Industry Demand | Policy limit | Policy limit | Policy limit | Policy limit | Policy limit
General Data Protection Regulation Proceedings | Policy limit | Policy limit | Policy limit | Policy limit | Policy limit
Premium & Fees
Annual (not adjustable) including Website vulnerability scanning fee of $300
Monthly Payment
Premium includes 10% discount for website security scanning protection. Social Engineering Limit options: $100k limit at $500 additional premium; $250k limit at $1,000 additional premium
Self-Insured Retention / Waiting Period
Self-Insured Retention
Each claim, regulatory proceeding, GDPR proceeding, PCI demand, or event
In respect to all Business Income Loss Coverage & Reputational Damage
Waiting Period of 8 hours
NAMED INSURED:
ADDRESS:
DATE:
Non-Binding Indication (Continued)
Non-Binding Indication is based on the following information
Industry Type
Annual Revenues
DETAILS
Retroactive date: No retroactive date applicable to first party coverages (except for Reputational Damage and Claims Avoidance). Fresh retroactive date for Media Liability Coverage. All other coverages (including Reputational Damage and Claims Avoidance) will be the effective date of the first policy period.
Covered Territory: Worldwide
Insurance Broker: BFL CANADA
Terms: Non-Binding Indication is valid for 30 days. Coverage is primary over any other valid insurance except for Social Engineering, which is excess of any applicable insurance coverage. All limits, deductibles, premiums and fees are in Canadian dollars.
Insurer: Zurich Insurance Company Ltd.
Cancellation: In the event of cancellation, the unearned premium computed pro rata will be refunded.
Optional Extended Reporting Period: 1 Year at 100% of the annual premium; 2 Years at 150% of the annual premium; 3 Years at 200% of the annual premium; 4 Years at 225% of the annual premium; 5 Years at 250% of the annual premium; 6 Years at 275% of the annual premium.
Indication: This Non-Binding Indication (“NBI”) does not constitute an offer of coverage and terms by Zurich Insurance Company Ltd (“Zurich”). Zurich reserves the right to modify the terms of this NBI, including the premium amounts, if any of the factors used as a basis for this NBI are incorrect or change. Please review this NBI in its entirety and note that the terms and conditions of this NBI will form the basis on which a future policy could be issued conditional upon the subjectivities listed below.
WORDING: Zurich Cyber Insurance Policy as follows:
ZC-SPR-D-300-A CW Zurich Cyber Insurance Policy - Declarations
ZC-SPR-300-A CW Zurich Cyber Insurance Policy
ZC 10045 U-DO Statutory Conditions And General Conditions
ZC 13001 U Trade and Economic Sanction Limitations
SUBJECTIVITY: Quote will be dependent on the following being addressed prior to binding
Application: Fully and satisfactorily completed, signed and dated BFL Cyber Resilience SME application
Incident Response Plan: Evidence of an Incident Response Plan is required.
Economic Sanctions: Clear sanctions check conducted at time of purchase by the Underwriters
How Can Cyber Insurance Protect Your Bottom Line?
Damage or Threat to Damage Digital Assets
Example: An employee of a manufacturing company clicks on malicious links and inadvertently downloads malware on company servers encrypting all data and stopping production. In addition, a client’s system is also affected by the malware.
A demand for $1M worth of Bitcoin to be paid in 48 hours for the decryption key is made.
Did you know?
The average ransom demand is $84,000 and rising. The average business interruption is 12.1 days. (Source: Coveware)
Triggered Coverages:
Cyber Extortion Costs
Digital Asset Replacement Cost
Business Interruption
Security Liability
Covered fees:
Forensic investigation cost to locate malware, analyze impact, ensure containment, calculate extent of loss, legal consultation.
Theft of Funds
Example: A finance director receives an email request from the CEO to pay a new vendor $150K for a special project. The details and invoices requested are provided by the supposed CEO. Days later it is discovered that this request did not come from the CEO. The money wired had already been removed from the account.
Did you know?
Malicious intent accounts for 51% of security breaches. (Source: smallbiztrends.com)
Theft of funds due to social engineering event (impersonation fraud)
Covered fees:
Reimbursement of defrauded amount, forensic investigation costs if needed.
Theft of Data
Example: Hackers gain access to a spa’s network due to a programming error. Past and current clients’ and employees’ personal information is compromised.
Did you know?
Regulations impose a duty to inform victims of a breach.
Security and Privacy Liability
Regulatory Proceedings
Business Interruption
Breach Costs
Covered fees:
Notification to affected individuals (in all jurisdictions), ID theft monitoring services, cost to operate call centre, public relations expert, legal consultations.
Cyber Risk Insurance Coverage
FIRST PARTY COVERAGE
Digital Asset Replacement Expense Costs:
Reimbursement for remediation costs to replace, restore, reconstitute, or recollect digital assets from written records and partially or fully matching electronic data.
Business Income and Dependent Business Income Loss:
Reimbursement for the insured’s (1) loss of profit and (2) mitigation and extra expense incurred during the period of restoration as a result of an interruption of service to your computer system or a service provider’s computer system.
Cyber Extortion Costs:
Reimbursement for fees, including forensic expenses, incurred as a result of a cyber-extortion.
Theft of Funds due to Social Engineering Event (Impersonation fraud):
Reimbursement for theft of funds due to transfer of funds by an employee who is acting in good faith reliance upon a verbal, written or electronic instruction by a fraudulent third party that was purported to be a legitimate transfer instruction but, in fact, was fraudulent.
Breach Costs:
Notification costs, breach coach services, credit monitoring, call centre services, forensic response, public relations.
Reputational Harm:
Reimbursement of income loss due to reputational harm resulting from a cyber event.
THIRD PARTY COVERAGE
Security and Privacy Liability:
Loss and defense costs incurred on account of any claim that results from a security event or privacy event.
Media Liability:
Loss and defense costs incurred on account of any claim that results from a media event. A media event may include any of the following as it relates to online or offline content issued by the insured: libel, slander, trade libel, or disparagement; plagiarism; violation of the right of privacy or seclusion or the right of publicity; infringement of copyright, title, tagline, trademark, trade name; unauthorized use of titles, formats, or other protected material; negligence with respect to the creation or dissemination of content.
Regulatory Proceedings:
Loss and defense costs, including payments to a consumer redress fund, incurred in responding to a regulatory proceeding as a result of a security event or privacy event. This includes the costs to respond to a regulatory proceeding, including a GDPR proceeding.
Payment Card Industry Demands:
Loss and defense costs incurred in responding to a written demand from either the Payment Card Industry Security Standards Council, payment card association, issuing bank, or acquiring bank alleging noncompliance with or violations of the Payment Card Industry Data Security Standard or a merchant services agreement in connection with the Payment Card Industry Data Security Standard.
*Policy wordings are available on BFL Cyber Resilience SME portal.
Did you know... Over 95% of cyber losses are 1st party losses.
Cyber Security for Online Businesses
BFL Cyber Resilience SME includes GamaShield
Innovative Security Technology: Secure your website with a technology based on a different backbone and years of experience with hundreds of customers worldwide.
Web Scanner Solution & Malware Detection: Identify and eradicate all web vulnerabilities and malware with GamaSec web solutions to maximize customer confidence and increase sales.
Easy to Use and Friendly Interface: Get an intuitive view of your web security with our detailed dashboards and take the right steps to improve your organization’s security.
Cloud-based Solution: Meet your web security challenges without making upfront investments and hiring expensive highly skilled engineers.
Threat Detection
Daily Malware Scan
— Heuristic Malware Detection
— Email Notification Alert
— Search Engine Blacklist Monitoring
— On-Demand Scan & Scheduler
Unlimited website Scan
— Application Vulnerabilities Check
— Ports Scan
— Full Advanced Vulnerability Scans
— SQL Injection Scan
— Cross Site Scripting (XSS)
— File Change Monitoring
— Code Injection attack
— Parameter Manipulation attack
— Detail recommendation report
— Email alerts
— 24/7 technical ticket support
— Scanner customization
— GamaSec Trust Seal
For questions regarding website security scanning services contact GamaSec’s Canadian representative:
Mirades
Mivil Deschênes 514-978-9752 [email protected] miradesinc.com
BFL CANADA Cyber Resilience SME
PROTECTING BUSINESSES IS OUR SPECIALTY
Be ready, be protected. BFL Cyber Resilience SME checks all the boxes:
Risk mitigation resources at your fingertips
Streamlined application
Comprehensive insurance coverage
Reputable partners you can depend on at time of need
Complete post-breach crisis management services
Advanced web-scanning services by Mirades powered by GamaSec
A risk management solution at an affordable price
Demonstrates proactive management and duty of care of directors and officers
CONTACT YOUR CLIENT EXECUTIVE OR OUR CYBER SERVICE TEAM
Quebec
Mélanie Lessard 514-905-4387 | [email protected]
Wilner Laurent 514-905-4355 | [email protected]
Ontario
Roger Hacala 437-828-1150 | [email protected]
Lisa Fortunato 416-915-3453 | [email protected]
Manitoba
Dawn Colquhoun 204-594-0246 | [email protected]
Alberta
Bryan Pitchko 403-398-2433 | [email protected]
Clive Stoner 403-398-2426 | [email protected]
British Columbia
Brad Sieben 778-313-2003 | [email protected]
Mark Skeans 604-678-5428 | [email protected]
Our Trusted Partners
Founded in 1987 by Barry F. Lorenzetti, BFL CANADA is one of the largest employee-owned and operated Risk Management, Insurance Brokerage, and Employee Benefits services firms in Canada. The firm has a team of over 750 professionals located in thirteen cities across the country. BFL CANADA is a founding Partner of Lockton Global LLP, a Partnership of independent insurance brokers and agents who provide Risk Management, Insurance and Benefits Consulting services in over 145 countries around the world.
bflcanada.ca
Zurich Insurance Company Ltd is a Swiss insurance carrier that has served businesses worldwide for over 140 years, including over 90 years in Canada as a licensed Canadian branch (Zurich or Zurich Canada). We have proven our commitment to delivering reliable and comprehensive insurance solutions to our customers. All of our passion goes into helping our customers understand and protect themselves from risk.
zurichcanada.com
Mirades is recognized for their expertise in delivering business enabling security services and solutions. Their mission is to protect people, assets and reputation in both the digital and physical arena. They deliver world-class business enabling services and solutions, focusing on risk assessment and mitigation, while managing the performance of the six security pillars: Personnel Security, Cyber Security, Physical Security, Business Resilience and Recovery, Investigation and Security Management.
miradesinc.com
GamaSec is a global provider of website security solutions to detect and prevent website vulnerabilities and data breaches. The company offers a unique combination of cloud-based website vulnerability identification, web attack prevention, and vulnerability remediation services for peace of mind and resilience every business deserves.
gamasec.com
The term "BFL Canada" throughout this document includes the following entities as: BFL CANADA Risk and Insurance Inc., Financial Services Firm; BFL CANADA Risk and Insurance Services Inc.; BFL CANADA Insurance Services Inc.; and BFL CANADA Consulting Services Inc.