Business Interruption: the predominant cost driver

Among the various expenses associated with cyber incidents, business interruption has emerged as the most significant contributor to claim costs.² When a cyber attack occurs, companies often face disruption to operations, resulting in immediate revenue losses. The duration of these interruptions can vary, but even short-term disruptions can have long-lasting financial impacts.

A notable example is the global IT outage in July 2024, caused by a faulty software update from cybersecurity firm CrowdStrike. This incident affected approximately 8.5 million devices worldwide³, leading to significant operational disruptions for numerous businesses. Many companies experienced substantial losses due to halted operations and are anticipated to file Business Interruption claims to recover these losses.

Claims investigation and notification costs

Beyond the immediate revenue losses from business interruptions, additional expenses include claims investigation and notification. Investigating a cyber incident requires comprehensive forensic analyses to determine the breach’s scope, identify compromised data, and understand the attack vector. These investigations are both time-consuming and costly, often necessitating specialized expertise.

Furthermore, regulations mandate that affected parties be notified promptly in the event of a data breach.⁴ Notification involves identifying and contacting all impacted individuals or entities, which can be a monumental task, especially for organizations with extensive customer bases. The costs associated with notification include communication expenses, potential legal consultations, and establishing support services for affected individuals.

Cyber extortion: A growing financial burden

Another significant contributor to rising cyber claim costs in Canada is cyber extortion. Ransomware attacks have become increasingly sophisticated, with threat actors encrypting business-critical data and demanding hefty ransoms for its release. In many cases, attackers also threaten to leak sensitive data if the ransom is not paid, further pressuring businesses into compliance.

The financial toll of cyber extortion goes beyond the ransom itself. Organizations must allocate resources to investigate the breach, recover compromised systems, and implement additional security measures to prevent future attacks. Additionally, regulatory bodies often require companies to disclose extortion-related breaches, leading to potential reputational damage and loss of customer trust.

Mitigation strategies

To address the rising costs associated with cyber claims, businesses should consider the following strategies:

1. Employee training - Educating staff on cybersecurity best practices can prevent incidents caused by human error.
2. Robust cybersecurity and regular audits - Implementing advanced security protocols, including regular audits, can help identify vulnerabilities, prevent breaches, and minimize potential damage.
3. Comprehensive incident response plans - Having a well-defined response plan ensures swift action, reducing downtime and associated costs.
4. Cyber insurance - Investing in comprehensive cyber insurance policies can help businesses manage financial losses related to cyber-attacks and extortion events.