Cyber security and online shopping icons over top of a man using a laptop

Cyber insurance for public sector retail operations

March 31, 2022

Cyber insurance for public sector retail operations

5 Minute Read

As a public sector entity, it’s important to ensure your cyber insurance policy covers what you need, and not more, keeping costs down and coverage realistic.

Ontario Insurance Advisory Lead

Although property insurance has been around for centuries, with policies that have been refined throughout that time, cyber insurance is a relatively new concept for many organizations. Yet, as cyber crime increases in frequency and sophistication, risk management in the public sector often falls behind in securing insurance policies to mitigate the threat – to assets and to stakeholders.

A simple click of the mouse could open your organization to a system breach that exposes personal, financial, and operational data to criminal elements. Cyber security measures can reduce the risk, but will your insurance cover losses incurred by a cyber attack? Does the policy address key exposure points and is the coverage enough or too much – important considerations for any organization.

Connect with a trusted cyber security advisor to assess your exposure, identify risks and strategies to reduce them. If your organization has a cyber policy, consider an independent review to assess what your coverage does and does not cover, and how to best protect revenues and reputation.

The assessment process

An insurance review typically starts by securing a copy of the policy. The independent insurance advisor will review the policy against your business or organization and highlight any gaps or excesses.

For example, your policy might include coverage against the impact of an extortion or ransomware attack where cyber criminals hold your organization’s electronic data hostage until a ransom is paid. However, almost no government agency or department will transact with criminals, making such coverage superfluous for the public sector.

The team will discuss what your exposure is for revenue, hardware, and communications, in other words, what you stand to lose in the event of a cyber breach affecting operations. If your department has legacy hardware that is no longer available, does the policy allow for a replacement to like kind and function hardware instead of the exact models?

Privacy concerns and risks

We recently completed a review for a government-run cannabis retailer that wanted to, as many in the sector do, update their insurance in the face of increased cyber attacks. As the legal cannabis industry is relatively new and growing, with little historical information, insurance coverage can raise questions and concerns. An independent, experienced insurance advisor can support the sector, now and into the future, determining current needs and ensuring policies can grow with demand.

They will look at any existing policy, and build a model based on assets, what risks apply, and how if any restrictions apply. The plan will be developed on what coverage is required now and include projected growth to cover future needs.

In the case of retailers, losing personal client data in a cyber breach is a major area of concern. An insurance advisor could suggest expanding coverage in that area – however, as noted above, provincial and territorial governments restrict any payment. Coverage for ransomware should be removed entirely, making the policy realistically suited to the retailer’s needs.

It is also important to note state-sanctioned acts of cyber terrorism are not covered by any insurance policy.

How is coverage determined

Payments towards cyber business interruption insurance are based on a percentage; the percentage is calculated by taking the net income and continuing expenses of the business in a normal period and comparing it to gross revenues. The question becomes what sort of coverage do you need as the business’ income increases?

For the sake of round numbers, say your business’ income this year is $10 million, but in two years, you project an income of $50 million. What your limits are under the coverage today would still be in place in two years unless you’ve updated the limits. Your policy may have enough coverage for 10 days of revenues and downtime today, but only three days in the future. If you still want 10 days worth of coverage, you will need to update and increase your limits accordingly.

Stay updated

Understand what your situation is now but be prepared to change tactics quickly. For example, new legislation could impact an existing business model, increasing risk under an existing insurance policy. Having a model you can update allows you to plan for changes, and understand how revenue and policy changes could impact the business, before they happen.

Regular reviews are key to success. A comprehensive review of your insurance policy by an insurance advisor every two to three years will ensure current policies and status are incorporated, and that your organization is up to date in coverage.

A cyber breach can debilitate an organization or business; having the right cyber security insurance – one that addresses revenue, assets and other issues – can reduce the loss, and mitigate damage.

Contact us

To learn more about how MNP can help your organization, contact Stephen Dodd, MBA, CPA, CMA, Ontario Insurance Advisory Lead.


  • Agility

    May 17, 2022

    The power of putting people first

    For your organization to thrive in a modern and competitive workforce, you may need to shift your mindset and your approach towards employee satisfaction.

  • Agility

    May 13, 2022

    [Listen] Digital transformation and the path to stronger, safer, and more efficient cities

    Digital Services partner Wendy Gnenz visited Municipal World’s MW Presents Podcast to discuss how technology is shaping the present and future of Canadian municipalities.

  • Agility

    May 13, 2022

    Real estate and construction: Insights from Federal Budget 2022

    The Federal Budget 2022 proposed a number of business and personal tax measures that will impact the real estate and construction sector. Melissa Aveiro, MNP’s Real Estate and Construction tax lead, discusses what the 2022 Federal Budget addressed – and what it did not.