Auto Insurance Home Insurance Recreational Vehicle Insurance Boat Insurance Snowmobile Insurance Saving You Money
JD Smith Insurance JD Smith Insurance Brokers Staff List & Contacts
Commercial and Personal Insurance Solutions Since 1979
Cyber Liability Insurance Plan

Cyber Risk Insurance

$1,000,000 Cyber & Privacy Liability

Commercial Property insurance protects your physical computers, but not the data stored on them.  Commercial General Liability insurance will not cover claims for privacy violations, intellectual property rights infringement or defamation.

Cyber/Privacy Liability offers coverage for your civil liability resulting from data breaches, your own costs to notify individuals in the event of a privacy breach and the cost of actions taken to mitigate a larger liability claim, protection for your financial obligations resulting from a computer virus transmission or hacking, and for system repair and restoration. This coverage extends to paper documents as well as equipment such as laptops, Blackberrys, etc. as well, should they become misplaced.

Coverage includes:

Insuring Agreement A
1st Party - Data Compromise Coverage
w/Incident Response Expert Support
Insuring Agreement B
3rd Party – Liability Claims Coverage
Duty to Defend

No Sublimits For:

  • Data Breach Response (incl. forensics, notification, call centers support, etc.)
  • PCI Compliance Violations (including case management, fines/penalties, fraud recovery, and card reissuance costs)
  • Restoration Costs for Data Asset Damage
  • Cyber Crime (incl. extortion, compromised credentials, telecommunications fraud, & limited electronic funds transfer fraud)

Restoration Periods for:

  • Network Disruption (30 days)
  • Reputational Harm (90 days)

Optional Coverages:

  • Social Engineering (additional premium)
  • Contingent Disruptions (additional premium)

Full Prior Acts Coverage For:

  • Regulatory Investigations
  • Multimedia Liability
  • Privacy Liability
  • Network Security Liability
Insuring Agreement C - Public Relations Coverage
Applies to both 1st Party Data Compromise & 3rd Party Liability Claims
Provides proactive consultations when necessary to inform public of business impersonation
Cyber Risk Insurance
Policies to Manage Cyber Risk

All companies should develop and maintain clear and robust policies for safeguarding critical business data and sensitive information, protecting their reputations and discouraging inappropriate behaviour by employees.

Many companies already have these types of policies in place, but they may need to be tailored to reflect the increasing impact of cyber risk on everyday transactions, both professional and personal. As with any other business document, cyber security policies should follow good design and governance practices—not so long that they become unusable, not so vague that they become meaningless, and reviewed regularly to ensure that they stay pertinent as your business’ needs change.

Establish security roles and responsibilities.
One of the most effective and least expensive means of preventing serious cyber security incidents is to establish a policy that clearly defines the separation of roles and responsibilities with regard to systems and the information they contain. Many systems are designed to provide for strong role-based access control (RBAC), but this tool is of little use without well-defined procedures and policies to govern the assignment of roles and their associated constraints. At a minimum, such policies need to clearly identify company data ownership and employee roles for security oversight and their inherent privileges, including:

  • Necessary roles, and the privileges and constraints accorded to those roles
  • The types of employees who should be allowed to assume the various roles
  • How long an employee may hold a role before access rights must be reviewed
  • If employees may hold multiple roles, the conditions defining when to adopt one role over another

Depending on the types of data regularly handled by your business, it may also make sense to create separate policies governing who is responsible for certain types of data. For example, a business that handles large volumes of personal information from its customers may benefit from identifying a chief steward for customers’ privacy information. The steward could serve not only as a subject matter expert on all matters of privacy, but also as the champion for process and technical improvements to handling of personally identifiable information (PII).

Develop a privacy policy.
Privacy is important for your business and your customers. Continued trust in your business practices, products and secure handling of your clients’ unique information impacts your profitability. Your privacy policy is a pledge to your customers that you will use and protect their information in ways that they expect and that adhere to your legal obligations.

Your policy should start with a simple, clear statement describing the information you collect about your customers (physical addresses, email addresses, browsing history, etc.) and what you do with it.

It’s important to create your privacy policy with care and post it clearly on your website. It’s also important to share your privacy policies, rules and xpectations with all employees and partners who may come into contact with that information. Your employees need to be familiar with your privacy policy and what it means for their daily work routines.

Establish an employee Internet usage policy.
The limits on employee Internet usage in the workplace vary widely from business to business. Your guidelines should allow employees the maximum degree of freedom they require to be productive (for example, short breaks to surf the Web or perform personal tasks online have been shown to increase productivity). At the same time, rules for behaviour are necessary to ensure that all employees are aware of boundaries, both to keep themselves safe and to keep your company successful. Some guidelines to consider:

  • Personal breaks to surf the Web should be limited to a reasonable amount of time and to certain types of activities.
  • If you use a Web filtering system, employees should have clear knowledge of how and why their Web activities will be monitored, and what types of sites are deemed unacceptable by your policy.
  • Workplace rules for behaviour should be clear, concise and easy to follow. Employees should feel comfortable performing both personal and professional tasks online without making judgment calls as to what may or may not be deemed appropriate. Businesses may want to include a splash warning upon network signon that advises employees about the company’s Internet usage policy so that all employees are on notice.

Establish a social media policy.
Social networking applications present a number of risks that are difficult to address using technical or procedural solutions. A strong social media policy is crucial for any business that seeks to use social networking to promote its activities and communicate with its customers. At a minimum, a social media policy should clearly include the following:

  • Specific guidance on when to disclose company activities using social media and what kinds of details can be discussed in a public forum
  • Additional rules of behaviour for employees using personal social networking accounts to make clear what kinds of discussion topics or posts could cause risk for the company
  • Guidance on the acceptability of using a company email address to register for, or get notices from, social media sites
  • Guidance on selecting long, strong passwords for social networking accounts, since very few social media sites enforce strong authentication policies for

All users of social media need to be aware of the risks associated with social networking tools and the types of data that can be automatically disclosed online when using social media. Taking the time to educate your employees on the potential pitfalls of social media use, especially sites with geo-location services, may be the most beneficial social networking security practice of all.

Identify potential reputation risks.
All organizations should take the time to identify potential risks to their reputations and develop strategies to mitigate those risks with policies or other measures as available. Specific types of reputation risks include:

  • Being impersonated online by a criminal organization (e.g., an illegitimate website spoofing your business name and copying your site design, then attempting to defraud potential customers via phishing scams or other methods)
  • Having sensitive company or customer information leaked to the public via the Web
  • Having sensitive or inappropriate employee actions made public via the Web or social media sites

All businesses should set a policy for managing these types of risks, and plan to address such incidents if and when they occur. Such a policy should cover a regular process for identifying potential risks to the company’s reputation in cyber space, practical measures to prevent those risks from materializing, and plans to respond and recover from incidents as soon as they occur.

JD Smith Insurance Brokers Inc. has numerous sample cyber security policies available to our clients upon request. These policies are a great starting point for your policy-creation efforts and can be modified to fit the unique needs of your business.

Amount of
Cyber Insurance
Current Revenues
Your Montly
Premium (Approx)
$50,000 $0-$150,000 $29.25 (Plus 8% PST)
$50,000 $150,000 - $500,000 $41.25 (Plus 8% PST)
$50,000 $500,000 - $1,000,000 $54.25 (Plus 8% PST)
$50,000 $1,000,000 + Call for Quote
$100,000 $0-$150,000 $39.25 (Plus 8% PST)
$100,000 $150,000 - $500,000 $51.25 (Plus 8% PST)
$100,000 $500,000 - $1,000,000 $64.25 (Plus 8% PST)
$100,000 $1,000,000 + Call for Quote
$250,000 $0-$150,000 $49.25 (Plus 8% PST)
$250,000 $150,000 - $500,000 $61.25 (Plus 8% PST)
$250,000 $500,000 - $1,000,000 $74.25 (Plus 8% PST)
$250,000 $1,000,000 + Call for Quote
$500,000 $0-$150,000 $59.25 (Plus 8% PST)
$500,000 $150,000 - $500,000 $71.25 (Plus 8% PST)
$500,000 $500,000 - $1,000,000 $84.25 (Plus 8% PST)
$500,000 $1,000,000 + Call for Quote
$1,000,000 $0-$150,000 $69.25 (Plus 8% PST)
$1,000,000 $150,000 - $500,000 $81.25 (Plus 8% PST)
$1,000,000 $500,000 - $1,000,000 $94.25 (Plus 8% PST)
$1,000,000 $1,000,000 + Call for Quote
>$1,000,000 Call for Quote Call for Quote

Please call our office at 1-800-917-7283 or 905-764-7868 for immediate Information, or to confirm a quotation.  Or send us a request by email. Please include your company name, your name, and telephone number.


RIBO JD Smith & Associates Insurance Brokers Inc.
105 West Beaver Creek Rd.
Richmond Hill, ON, L4B 1C6
Tel: 905-764-7868
Fax: 905-764-9618
JD Smith Insurance
Home Personal Insurance Business Quotes 24/7 Commercial Life & Health Information About Us
  Auto Insurance
Accident Benefits Explained
Home Insurance
Motorcycle Insurance
UberX Insurance
Boat Insurance
Snowmobile Insurance
Builder's Risk Insurance
Health & Fitness Insurance
Professional Liability Insurance
Special Events Insurance
Barber & Hairstylists
Non-Profit Insurance
Photography Services
Application Forms
Camp Insurance
Car & Truck Fleets
Cyber Liability Insurance
Event Application
Marine & Overland Cargo
Non Profits
Retail / Wholesale
School Insurance
Tool & Die
UberX Insurance
Welding & Steel
Windows & Doors
Life Insurance
Life Insurance - Groups
Mortgage Insurance
Critical Illness Insurance
12 Ways to Save
Online Payments
Accident Benefits Explained
Insurance Companies
20 Hot Topics
News & Humour
Winter Storage Tips
Reflection & Encouragement
Code of Consumer Rights
Privacy Policy
Core Values
Broker Advantage
Staff List & Contacts
Staff Video Messages
Job Opportunities
Reflection & Encouragemenet
News & Humour
Car Racing Team
E. & O. E. Disclaimer
© JD Smith & Associates Insurance Brokers Inc., 1999-2023. All rights reserved.
E. & O. E
. Read Disclaimer