In order to keep pace with the best in the legal profession, our team at DUBÉ LATREILLE pays close attention to the most recent developments in the practice of law as well as the unfolding of modern technology for the sole purpose of offering to our clients the most practical and reliable of legal services.
In addition, our lawyers stand out for their seriousness, sense of justice and ethics. Our no-nonsense approach, focused on finding practical solutions to seemingly very complex and antagonizing legal situations, aims at developing lasting relationships with our clients, relationships based on trust and mutual respect.
MicroAge is one of Canada's largest IT solutions providers with 30 locations across the country.
On May 2, 2023, during its annual conference in Montreal regrouping approximately 100 delegates from coast to coast, I had the pleasure to deliver a presentation on some of the issues and pitfalls of Service Agreements in daily operations. I also underlined the new obligations under Law 25 which is strongly impacting businesses and organisations doing business in Quebec (and likely to be followed by other jurisdictions) with compelling dispositions to better protect Personal Identifying Information. Though privacy laws mean more compliance to contend with, they also provide IT service providers with a strong argument to convince their clients to better protect not only the personal data they hold but also "all" of their corporate data (commercial secrets, intellectual property, etc.).
Many thanks to its president, Phil Palmieri, and Maria Fiore for the opportunity to meet a formidable Team!
Nowadays, most specialists will tell you that relying on cyberinsurance is an essential "component" in mitigating the risks organizations face in the Digital Age. And they are right, of course. But, given the complexity of this new reality, the burning question is: can you rely on your cyberinsurance policy? Here are some considerations.
First, with the sharp rise in cyberincidents worldwide (in particular with Ransomware), it now takes at least half a day to fill out an application for cyber insurance with the assistance, preferably, of your IT specialist and your legal counsel. This is serious business since any "mistake", omission or misleading information may result in a denial of coverage with disastrous consequences.
Second, considering the potential damages involved in a cyberattack (operational downtime, delays in the supply chain, loss of revenues, personal information leakage, reputational damage, specialists' costs to manage and resolve the crisis, costs to restore the network, ransom payments, non-compliance fines, lawsuits from clients, partners, employees, shareholders, etc.), it is essential for an organization to carefully identify the risks it is exposed to in order to get the appropriate insurance coverage it needs. Otherwise, when an incident occurs, the cyberinsurance might prove shockingly useless.
Third, it is paramount to understand the nature and the scope of the exclusions listed in a cyberinsurance policy to ascertain whether the coverage provided will adequately meet the needs of an organization. In so doing, it is important to keep track of the constant evolution of the cyber landscape and its potential impact on insurance issues. The claim (see link below) made by Mondelez International against Zurich American Insurance is a telling example. Essentially, Mondelez was informed that despite the fact it was covered for ransomware attacks, the Insurer would not provide coverage because the means used for the attack, "NotPetya", was considered to be a weapon of war (Russia) and therefore came under an exclusion (damages caused by an act of war...).
In light of the above, though Cyberinsurance is an important element to mitigate risks, it is certainly not a stand-alone option. It must be part of an overall strategy and handled with the utmost care and caution.
#cybersecurity #cyberattack #insurance #strategy
Oreo Giant Mondelez Settles NotPetya 'Act of War' Insurance Suit
The government of Quebec recently established the "Ministry of Cybersecurity", a first in Canada, which was entrusted to Eric Caire, newly sworn in.
One can wonder about the relevance and usefulness of this ministry, which will be able to rely on considerable resources. However, when we consider the significant devastation that businesses and organizations in Quebec suffer daily due to cyberattacks, the number and severity of which are increasing, this is a significant gesture that demonstrates the will of Quebec authorities to curb a clear and present danger that threatens our economy by attacking our data (theft, ransomware, etc.).
This ministry alone will not be able to solve all the problems inherent to cybercrime. However, it could have a decisive impact on a large number of businesses in Quebec by soliciting their support and acting with them as a vector of awareness to help them, in particular, to comply with Bill 64 and ultimately to become more proactive, resilient and competitive.
Best wishes for success to Minister Caire and his team!
In 2021, the vast majority of Quebec companies rely on computers and the Internet to communicate, transact and - ultimately - to remain competitive in business. You only need to experience a simple interruption in service (electricity or Internet) to see how much your operations depend on this technology.
However, what resources does your company set aside to protect its computers and data against theft or cyber attacks? Sooner or later your board is going to have to address this issue or rest assured that others will eventually do it for you. Indeed, with the proliferation of data thefts, the growing number of "digital hostage-taking" (ransomware), and other harmful and costly disruptions used by criminals who exploit the weaknesses of the web, two phenomena are emerging in all industries.
The first is a growing concern over the management of personal information. The recent adoption of Bill 64 by the government of Quebec, last September, according to which private and public organizations will henceforth have the obligation to ensure the protection and confidentiality of personal information under pain of severe fines, is evidence of this trend.
The second phenomenon, closely associated with the first, is the growing tendency of organizations to require from their business partners (in addition to compliance with the law, such as Bill 64) rules of governance and standards pertaining to IT protection and cybersecurity. This is increasingly seen in contracts (see attached article). This measure aims to minimize the risk of IT incidents likely to interrupt a company's operations, lead to legal proceedings, damage its image, affect its insurability, impact the value of its shares, etc.
In the Digital Age, IT security and cybersecurity have become critical operational issues. It is therefore most pressing for any company to ensure the security of its data and information systems in order to earn or maintain the trust and interest of its business partners.
Pas de contrat sans conformité cybersécuritaire - Les Affaires
Cyberattacks are costly and potentially devastating for businesses and organizations alike. Yet, despite the headlines that often remind us that cybercriminality is a growth industry, very few of them have actually purchased cyberinsurance coverage although it constitutes a key element in any risk management strategy pertaining to cyberthreats.
As time goes by, access to cyberinsurance is likely to become more difficult. To begin with, the field of cyberinsurance is still a relatively new market. As a result, it is constantly evolving. For example, the forms that used to take a few minutes to fill out in a request for cyberinsurance now require well over an hour and often include several technical questions that necessitate the input of IT specialists. Given that any inaccurate declaration might cause the insurer to decline coverage, this is a risk no organization should expose itself to.
Second, the nature of cyberinsurance itself is becoming more and more sophisticated. You cannot just buy "cyber-insurance"; you need to determine precisely what your needs are. Those may include coverage for ransomware, forensic investigations, lawsuits, data breach notification expenses, regulatory investigations, lawyers and consultants, remedial measures, third-party liability, etc. In light of the above, to ensure proper coverage, a serious analysis of an organization's risks and exposure must be conducted beforehand.
Finally, the constant rise of cybercrime has induced, necessarily, a sharp increase in claims. As a result, to offset their costs, insurance companies tend to review their offers accordingly by adding exclusions, by reducing the scope or value of their coverage, or by increasing the insurance premiums. As the article annexed hereto suggests, those premiums are expected to double by 2023!
With the recent adoption of Bill 64 in the province of Quebec, it is to be expected that the trends described hereabove will continue and that the demand for cyberinsurance will increase as organizations become more aware of the risks they are exposed to and of the necessity for cyberinsurance coverage to minimize same.
DUBÉ LATREILLE is a practical and considerate law firm. We offer our clients the security and peace of mind of a reliable team.