The cost of a data breach is going up with Digital Privacy Act amendments
The Digital Privacy Act amendments that alter PIPEDA (Personal Information Protection and Electronic Documents Act) came into effect November 1st, 2018.
The amendment makes it mandatory for any company that experiences a data breach to report it to the Privacy Commissioner of Canada and any potentially impacted clients, employees and suppliers.
Many transportation companies think this does not affect their business for a few reasons. Reasons include things like “we do not process credit card transactions”, “we are too small”, “we do not interact with personal data”, and “we deal only with other businesses.” Any person with a device on the internet – including computers, tablets, cell phones, payment devices and more – can be hacked.
For companies that do not think they really handle customer data, consider the recent breach of Canada Post. Over 4,500 customers of the new Ontario Cannabis Store (OCS) had the information breached. It wasn’t the OCS that was breached, however, it was Canada Post. Fortunately for Canada Post, they are a government entity.
What do you think would be the impact if it was your company that caused a public breach of privacy like one caused by Canada Post?
Imagine the reputational or monetary damage caused if somehow your business was responsible for the lost or stolen data of one of your clients?
What is the cyber risk to my trucking company continuing operation?
A scary fact to consider is that one in FIVE small-to-medium sized businesses have experienced a cyber-attack. Of those that fall victim to a breach, 60% are out of business within six months. That is an alarming statistic.
As a society, phenomenal changes are being made with technology. As technology advances, modern thieves are keeping a few steps ahead. Creating malware, phishing, social engineer IS their business. Their focus is to seek out vulnerabilities and attack them. The most common still is human error. Hackers seek opportunities to trick and manipulate employees. Smaller businesses are easier because their security, training, and checks and balances are not as tight as larger organizations.
Protecting the future of your business operations comes down to risk management. You have three strategies – either accept the risk and do nothing, take action to mitigate the risk, or transfer the bulk of the risk. We suggest a combination of the latter two. Accepting the risk is a sure-fire way to eventually be destroyed by the risk.
In our webinar with Darnley Greson of DarnIT Group, we cover some of the most frequent cyber data breach occurrences. I suggest viewing the webinar in its entirety and completing your own cyber security health check.
Is it time to consider cyber insurance for my trucking operation?
I also strongly recommend transferring the risk by way of a Cyber Insurance policy. Many businesses still do not know this is an option and many are surprised when they discover the very reasonable premium. Beyond insurance to cover the cost of a breach, cyber insurance also provides you access to experts to help mitigate reputational damage and, if possible, get the data back as quick and as smoothly as possible.
Chubb Insurance, one of the leaders in cyber security insurance, has a troubling statistic on their website. Over the past 20 years, almost 58 million policy holders have been exposed to a cyber breach. That number is astounding and intimidating.
Please contact us to discuss if a cyber insurance policy has not been initiated. Determining the premium for your business is a prudent business move. The application will also provide you with great insight on best practices for your business and will highlight any major exposures that you can take proactive action on now.
It is better to make an informed decision than make no decision. Let us support you in your business success.