As cyberattacks and data breaches occur with greater frequency and severity, cybersecurity risks pose an increasingly prominent threat for financial advisors, given the sensitive nature of the client information advisors keep on file. But you can take various steps to manage this risk, including with the purchase of a cybersecurity insurance policy.
“Any time that you have confidential information, you are at risk of the information being breached or hacked,” says Roberta Tasson, senior vice president of corporate risk with Magnes Group Inc., an insurance brokerage in Oakville, Ont. “Financial advisors inherit this exposure, as they typically have confidential information about their clients on hand.”
A data breach involves any unauthorized access to confidential information. This can be triggered by a loss or theft of a device containing confidential client information or a targeted attack by a cybercriminal.
The financial services sector’s exposure to cybersecurity risks continues to grow as digital practices and new technological platforms are embraced, says Kevvie Fowler, partner, advisory services, in the forensic practice at KPMG LLP in Toronto.
“[Advisors] are providing their clients with more access to information to view how their investments are doing and, in some cases, to make transfers and trades,” says Fowler, an information security and data analytics specialist. “There are a lot of vulnerabilities associated with the technology [advisors] are deploying.”
A breach can have damaging repercussions for your practice. The costs can add up quickly, including expenses related to identifying and investigating the scope of the breach, notifying clients that their personal information has been compromised, public relations damage control, and legal and regulatory fees, among other expenses. You also could be subjected to a lawsuit.
“You could sustain reputational damage to your business and, possibly, litigation if you are alleged to have caused your clients’ information to be breached,” says Tasson.
You can take several precautions to reduce the risk of experiencing a breach, she says, such as encrypting your data; implementing anti-virus software, firewalls and other tools; using strong passwords; and training employees about the relevant risks and security protocols to follow.
“Having those risk-management steps in place is great because it can help to reduce or avoid a breach from happening,” Tasson says. “Unfortunately, those [steps] are not foolproof. If you would like further peace of mind, you can backstop this business exposure with an insurance product.”
There are different types of insurance that can help you protect your practice against the financial impact of a potential data breach. The two main categories of coverage include: first-party coverage, which covers the costs you incur in dealing with a breach; and third-party liability coverage, which covers any potential litigation that arises as a result of a breach. But specific product features, options and items covered can vary considerably among providers.
“Make sure you understand the different types of attacks that you’re concerned about, and ensure you have the right insurance product,” Fowler says. “Don’t assume that one product fits all, because it doesn’t.”
As the products can be complex, it’s best to consult a broker with expertise in this area, says Greg Markell, account manager for cyber, directors and officers with Hub International HKMB Ltd. in Toronto: “Because of the number of coverages available, it’s very important to go through them and assess your risk, line by line. It’s important to work with your broker to create a ‘bespoke’ insurance solution that’s tailored to your exact needs.”
The cost of premiums on a cybersecurity insurance policy can vary, depending upon factors such as the type of confidential information on hand and the level of cybersecurity risk that your business faces.
“The [insurer] has to have a good handle on what type of confidential information you have and your security protocols,” Tasson says. “Then, a premium is derived based on that, alongside the limit of insurance and deductible desired, and any other coverage extensions that are requested.”
The price of this insurance has come down in recent years as more insurers have introduced products in this space. In some cases, you can access cybersecurity insurance as an optional extension of your errors and omissions (E&O) coverage. If you buy your E&O insurance through the Independent Financial Brokers of Canada’s E&O program, which is brokered by Magnes Group, you have the option of adding privacy and network security breach response insurance coverage for $50 a year.
“Each year, we have more advisors opting in,” Tasson says. “[Cybersecurity insurance] is becoming more popular as advisors see potential exposure to their business operations.”
© 2015 Investment Executive. All rights reserved.