When it comes to protecting against cyberattacks, identity theft and other digital crimes, Canadians have been hearing the same advice for years: vary your passwords, use two-factor authentication and consider a virtual private network to mask your location.
Yet tens of thousands of Canadians fall prey to cybercrime every year, so some are adding a new tool to their arsenal: personal cyber insurance.
Depending on the provider and plan, such coverage may include everything from the unauthorized use of bank accounts or credit cards to counselling and social-media monitoring in the event one is cyber bullied. Some plans help with restoring data and access to computers or digital home systems. Others give customers professional help if someone is trying to extort them online.
While insurance covering these kinds of incidents is still relatively new, interest in it is growing in tandem with the number of cybercrimes, insurance and online crime experts say.
Statistics Canada data show the number of police-reported cybercrimes in the country hit 74,073 in 2022, up from 71,727 in 2021 and 33,893 in 2018. (Experts have long said cybercrime is underreported because of the stigma and embarrassment that can be associated with being duped.)
“You can be the most careful person in terms of online security, you can be doing everything right … but the fact remains that as careful you may be, you can fall victim to a cyberattack through no fault of your own,” said Carolyn Boris, vice-president and product developer manager of insurer Chubb’s personal risk services.
In a 2022 survey of 1,605 Canadians and Americans, Chubb found 39 per cent, or two in five respondents, had purchased a personal cyber insurance policy.
Chubb has been offering such insurance since 2017. Through the company, Canadians can purchase insurance that will replace lost or stolen digital property or money from attacks and ensure customers have a place to go, if their home is made uninhabitable. Chubb also has coverage that pays expenses related to hiring public relations, legal and digital forensic firms to aid in the recovery from cybercrimes.
Customers can opt for as little as $25,000 in coverage or as much as $500,000. They pay as little as $127 per year “and it goes up from there,” Ms. Boris said.
The number of people opting for the insurance has steadily ticked up and Ms. Boris expects that trajectory to continue as cyberattacks show no signs of slowing down and begin to make use of advances in generative artificial intelligence.
Molly Reynolds, a partner at the Torys LLP law firm, first heard about cyber insurance about two years ago and noticed it was predominantly in the U.S. and, in some cases, offered as part of a home ownership policy.
The coverage is “definitely nascent” and the bulk of attacks target businesses rather than individuals, but she still foresees more people taking out personal cyber insurance policies.
“I don’t know if it will be wildly popular across the whole population, but you can imagine people in particular industries or, for example, people who are very high net worth, running family companies, where they have almost business-level cybersecurity risks, [would sign up for it],” she said.
Social-media influencers may also benefit from such insurance products, especially if it covers loss of income or interrupted access to accounts or devices, Ms. Reynolds added.
But she warns people interested in the insurance that “a lot of the really serious consequences of cybercrime aren’t compensable through insurance.”
“A lot of the harm is really around reputational, emotional and sort of intangible categories, where the insurance isn’t going to help that much,” she said.
Still, Nesha Baggan-Belasco maintains personal cyber insurance can be worth it, especially when you compare “the amount you’re paying every month compared to what you could possibly lose.”
“You see the examples on the news every single day of people being taken advantage of just for simply logging on to the wrong website,” said the senior manager of product development at Aviva Canada’s personal insurance business.
“They thought they logged on to their bank website and it’s actually not a bank website, and their account has been wiped. This is becoming more and more common, unfortunately.”
Aviva Canada began offering personal cyber insurance last August. Its coverage has a starting price of $6 per month and offers help with online fraud, computer and home systems attacks, identity theft, data breaches and cyberbullying and extortion.
Because the coverage is so new, Aviva Canada is still getting a sense of who their most likely customers are and what their top claims will be, Ms. Baggan-Belasco said.
Worried about a cyberattack? Here are tips to help protect your digital assets
The number of cyberattacks victimizing Canadians has been steadily growing over the past decade and is projected to keep rising.
While anyone can become a target for nefarious attacks, there are a few steps experts say Canadians can take to protect themselves.
- Be careful where you enter your log-in information: Be wary of e-mails or links you click that bring up log-in requests. Hackers are known to spoof log-in pages and send them around, hoping someone will mistakenly fill their account information in. Carefully review the URL of the webpage seeking your information to ensure it is real and not a variation of the company site.
- Vary your passwords and don’t reuse them: Passwords should not be easy to guess or used across more than one account or website because if log-ins for one site are leaked, hackers can easily use them to gain access to other accounts.
- Use passkeys, when possible: Passkeys are a digital credential that can unlock accounts with a mere flash of your face or fingerprint scan on your phone. They are often more secure than passwords because there is no string of characters, numbers and symbols to memorize, making them harder to hack. They don’t need to be changed, can’t be stolen by someone guessing or peeking over your shoulder and there’s no way to accidentally use one on the wrong website.
- Consider a password manager: Password managers generate strong, unique passwords for each service you use, storing them in an encrypted account for easy use and cutting out the need to memorize a long list of log-ins.
- Use multifactor authentication: This method requires users to approve their log-in attempts with a second round of verification, typically a code sent by e-mail or through text. Multifactor authentication can help users thwart unauthorized access to their accounts.
- Use a virtual private network: VPNs help users maintain their anonymity by masking their location, making it more difficult for others to monitor or intercept their online activities.
- Review your bank and credit-card accounts regularly: Taking a peek at these accounts frequently can help you uncover unauthorized charges, which likely indicate your account has been compromised.