Cyber security insurance can help protect business against Panama Papers-level data breaches

10/06/2016 06:36

In the wake of the release of the so-called Panama Papers, businesses have dreaded suffering from such data breaches that expose their most confidential information. Cyber security insurance, however, offers a way for companies to offset the financial losses following such a disastrous data leak.

The Panama Papers were compiled from data stolen from Panamanian law firm Mossack Fonseca. It was suspected that the data breach was made possible due to a failure of the firm to update its outdated software on the web server.

Certain individuals and companies from across the globe were identified by the Papers for their creation of offshore accounts that allow for tax evasion shenanigans. In Canada, the Canada Revenue Agency recently sought a court order to secure information from the Royal Bank of Canada (RBC) on a select number of its clients who have connections to the controversial law firm in Panama. Notably, the RBC and/or its affiliates have registered 429 offshore companies through Mossack Fonseca.

Data breaches like Mossack Fonseca’s Panama Papers leak can be very costly to business—or could even outright force them into bankruptcy. The costs to plug any weaknesses in a data system can be significant, depending on how severe the leak was. Businesses may also have to spend to repair their damaged reputations, and respond to lawsuits from clients or consumers who have been affected by the breach. Data leaks can also lead to loss of business, costing companies their profits.

Cyber insurance is one method to cover for such losses. According to an article on Mondaq, cyber insurance should cover for “investigation and remediation of the breach, business interruption, notification expenses, public relations and network security.”

The same article advises that while cyber insurance can cover for some of the financial risks associated with data breaches, a business will be well served by a “strong information security and risk management policy.” A proper data breach response plan is also highly recommended, in order to mitigate the damage caused by the leak.

The article reminds that for those businesses that suffered a leak that creates a "real risk of significant harm," they should notify the Privacy Commissioner of Canada of the breach.

Read more