How Canada’s data breach reporting law can help brokers sell cyber based on facts, not fear

Canada’s forthcoming implementation of mandatory data breach reporting may create an opportunity for the country’s commercial brokers to have conversations with their clients about cyber insurance risk based on concrete data instead of fear, a Marsh Canada broker says.

Improved cyber risk data arising from breach reporting would give Canadian brokers “the ability to frame the discussion [with clients] in a way that relies less on people’s concerns and fears, and more on some objective quantification of what the risk might look like to an organization,” says Gregory Eskins, national specialties and cyber practice leader for Marsh Canada Limited.

“Being able to quantify the risk, to determine a risk appetite or a risk tolerance, once it has been quantified, goes a long way in helping [the client] make the decision about whether or not insurance is going to be of any utility to the organization,” added Eskins.

Eskins advised on the creation of a panel on cyber insurance and resilience for the 4^th annual International Cyber Risk Management Conference (ICRMC). Sponsored by MSA Research, the ICMRC takes place at the Metro Toronto Convention Centre…