The US has experienced a number of high-profile “cyberthreat” or privacy breach cases, including lawsuits brought against Sony and LinkedIn. Testifying before Congress, FBI Director Robert Mueller said cyberthreats will soon surpass terrorism as the country’s biggest threat. It is already a costly one: the average cost of a data breach in 2010 was $7.2 million. There is the perception that such cases simply do not happen in Canada. Most companies do not view privacy breaches or cyberthreats as a major risk because litigation has been muted thus far. These companies do not have comprehensive coverage against such risks, leaving them very much exposed.
The truth is privacy breaches are becoming commonplace in Canada; recently, Calgary-based Telvant was a target of a cyber-attack. The IT company has a hand in managing 60 percent of all gas and oil pipelines in North America and Latin America. Such attacks, says Travis Davies of the Canadian Association of Petroleum Producers, are “the new normal.” The big exposures are for small and medium enterprises, which do not have the resources or processes in place to handle a policy breach. These breaches could be covered by other, general insurance policies, but typically, they are not.