What your client’s modern cyber insurance policy needs

Supply chain or infrastructure-related breaches are going to increase in Canada as organizations shift towards cloud-based solutions or standardized software platforms to run their businesses, a speaker said Sunday at Insurance Brokers Association of Alberta’s Convention 2026 in Banff.

To help counter this potential cyber exposure, a modern cyber insurance policy should include a number of coverages, including network security liability and media liability, BOXX Insurance president Jonathan Weekes said Sunday during a cyber risk session.

Among other things, it should also include coverage for: incident response costs, data restoration costs, direct business interruption and contingent business interruption, ransomware/cyber extortion, and reputation harm/loss of income.

As for network security liability exposure, this is something BOXX is increasingly seeing as more and more organizations outsource their IT infrastructure, support or services.

An example of network security liability is a technology provider that experiences a breach on their end that results in financial loss of their customers, whether it’s because they couldn’t operate or their information was breached and they’ve been sued by their customers.

“This is a coverage that actually appeared on tech E&O policies, long before it was worked into standalone cyber policies,” Weekes adds.

This type of coverage will also provide insurance for organizations that are breached, say by business email compromise, and then that threat actor leverages the company’s infrastructure to carry out an attack against another organization, and that organization sues the breached company. “And this is something that we’re seeing a lot more often,” Weekes says.

Why ‘hybrid’ cyberattacks are an insurance industry threat Image

News

Why ‘hybrid’ cyberattacks are an insurance industry threat

These hybrid attacks impact both first and third parties

3 min read

“Threat actors aren’t necessarily always sending out phishing emails or campaigns from unique domains or whatever,” he says. “They will get in your system, study, see how you communicate with your customers or trading partners, and they will leverage your email to carry out attacks against your trading partners or customers.

“And that’s where you’ll find coverage and cyber policies for that type of disclosure.”

Media liability coverage is another important part of a cyber insurance policy, Weekes says.

He shared a disturbing example of an attack to illustrate the coverage for the audience.

One of Weekes’ clients had a hacker gain access to their system to control their website. The hackers initially posted some defamatory comments about former employees who worked with the organization, because they had gained access to employee files. The hackers posted information about why the employee was let go or why they resigned.

Why now is the time to prepare clients for the next hard market Image

Insights Paid Content

Why now is the time to prepare clients for the next hard market

Many clients treat risk management as an annual renewal exercise. Effective, year-round risk engineering helps them build resilience.

By 

Sponsor Image

“And [the company] was sued by those individuals for defamation of character and slander,” Weekes says. He adds this case showed him that for media liability, it’s not always the actual client who creates that exposure or risk for the organization. Sometimes, it could be a third party.

In this case, the hacker also started to post “child pornography and other really awful things on the company’s website,” Weekes says. “The company ended up having to basically shut down the website.

“They had to purchase a new domain, and had to rebrand themselves as an organization in order to get past the impact of that.”

Jason Contant

Jason has been an award-winning journalist with Canadian Underwriter for more than a decade, including the past three years as associate editor and, before that, as digital editor for seven years.