Resources & Insights

Archive for the ‘All’ Category

Ransomware Attacks on the Rise – Are You Covered?

With ransomware attacks on the rise, the role of insurance is becoming more robust. And, although ransomware coverage has been traditionally sublimited within cyber policies, stand-alone cyber policies that cover ransomware are becoming more necessary.

In an attempt to find additional coverage for ransomware, many businesses and carriers have turned to kidnap and ransom (K&R) policies. K&R policies have traditionally been used by organizations to protect their executives, not to protect against ransomware. Because K&R policies were not designed for ransomware, they may only provide a quick fix. K&R policies tend to be less suitable for ransomware than cyber policies and payouts tend to be lower.

Policy Definitions, Terms and Conditions

Since cyber insurance isn’t standardized, organizations should review all policy language with a broker before choosing a plan. Policies can vary significantly in their language and coverage options, so insurance experts recommend policies that—at the very least—provide coverage for extortion demands and payments as well as lost income resulting from an attack.

Organizations should also take a close look at the following definitions, terms and conditions when choosing a policy:

  • Sublimits and deductibles—Most policies set a sublimit for covering ransomware. It is important to review this limit carefully, considering that demands may start on the low side, but can increase quickly. Additionally, since making a ransom payment may make organizations a target for subsequent ransom demands within the policy year, the deductible amount should reflect that risk.
  • Payment terms—Most policies require prior written consent before the insured can pay any ransom. This can result in payment delays and increased demands by the hackers. If an organization pays a ransom in order to resume business, without prior written consent by the insurer, there’s a chance that it may not be reimbursed. Therefore, organizations need to be comfortable with a policy’s terms in order to avoid compromising coverage.
  • Definition of extortion—It is important for organizations to fully understand and agree with their insurance company’s definition of extortion, since the definition dictates the trigger for coverage. For example, although hackers may intend to sell or misuse information, the ransom demand may only involve a countdown timer and demand for money. While the combination of the two may seem like an obvious threat to the insured, a carrier could possibly deny coverage on the basis that there was no explicit threat to sell or misuse information—all because of its unique definition of extortion.

What to Look for in a Policy

Companies should look for ransomware coverage that uses broad terminology and protects against a wide range of threats, including threats to do the following:

  • Access, sell, disclose or misuse data stored on your network, including digital assets.
  • Alter, damage, or destroy software or programs.
  • Introduce malicious software, including viruses and self-propagating code.
  • Impair or restrict access. Look for policies with broad terms like, “threats to disrupt business operations.”
  • Impersonate the insured in order to gather protected information from its clients, also known as pharming or phishing.
  • Use your network to transmit malware.
  • Deface or interfere with your company’s website.

The Importance of Risk Management

Ransomware insurance is most effective when coupled with an effective risk management program, as there are many components in the fight against cyber crime. Risk managers should work with an insurance broker to review all applicable options before choosing cyber coverage.

Contact us today to learn more about available cyber policies and effective risk management techniques to protect your organization from ransomware attacks.

Exciting New Partnership!

We are very excited to announce a partnership that aligns our purpose, vision and values with the ability to gain national strength and stature, all while remaining strongly INDEPENDENT.

Effective May 5, 2017, Megson FitzPatrick partnered with Rogers Insurance Ltd. and the Inowest Group of Companies, out of Calgary, AB, making our combined organization one of the top five largest independent brokerages in Canada.

Our vision has always been to transform and expand Megson FitzPatrick into an even stronger independent broker, where decisions are ALWAYS based on delivering the best customer experience.  This new partnership is committed to our vision, and our clients are now able to benefit from the shared capabilities of each brokerage for more comprehensive expertise and service offerings, in addition to an expanded network of insurers to work with.

Our new partnership expands our reach to 14 offices across the country and over 500 employees.

If you have any questions or comments regarding this partnership, please contact Jay Tuson directly at or 250-940-9029.



Are You Prepared if Disaster Strikes?


From fires to floods, earthquakes to hurricanes, disaster can strike anytime, anywhere, and often with little to no advance warning. According to the Insurance Information Institute, as many as 40 per cent of businesses forced to suspend operations due to a natural or human-caused disaster never reopen their doors.

Try to imagine the challenges your business would face in the wake of a natural disaster like the massive floods in 2013 or Superstorm Sandy. It’s scary to even consider. Now here’s something even scarier: A relatively minor fire or flood that forces you to shut down operations carries many of the same challenges as a disaster on the scale of last year’s floods or Sandy.

Your commercial property insurance policy would help you rebuild your physical infrastructure, but are you equipped to deal with lost revenue and mounting expenses while you work to restore operations?

Planning for the worst

The difference between surviving a business interruption and going belly-up often hinges on one factor: preparation.

The best way to prevent a disaster from putting the future of your business at risk is to have a proper continuity plan in place.

Business continuity planning involves:

  1. Defining potential risks
  2. Determining how those risks will affect operations
  3. Implementing safeguards and procedures designed to mitigate those risks
  4. Testing those procedures to ensure that they work
  5. Periodically reviewing the process to make sure that it is up to date

Start the process by establishing a planning team tasked with developing the continuity plan. Typical goals of your plan should include:

  • Protecting the safety of employees, visitors, contractors and others at risk from hazards at the facility
  • Maintaining customer service by minimizing interruptions or disruptions of business operations
  • Protecting facilities, physical assets and electronic information
  • Preventing environmental contamination
  • Protecting your organization’s brand, image and reputation

The planning process should take an “all hazards” approach. The probability that a specific hazard will impact your business is hard to determine—that’s why it’s important to consider many different threats and hazards and the likelihood they will occur. A business impact analysis can predict the consequences of an interruption and give you a good idea of how your operations would be affected in case you were forced to temporarily close.

Implementing the plan means more than simply exercising the plan during an emergency. It means acting on recommendations made during the hazard analysis, integrating the plan into company operations, training employees and evaluating the plan on an ongoing basis.

It is important to conduct a formal audit of the entire plan at least once a year to help identify any factors that may necessitate changes, such as updated regulations or new hazards.

Let us guide you through the process

No business owner wants to think about what would happen to the business if disaster strikes, but it’s a reality that all business owners must face. Megson FitzPatrick Insurance Services realizes it can be a daunting task to plan for a major business interruption—but it doesn’t have to be.

We can help you kick-start your planning efforts with a suite of industry-leading business continuity tools and resources, including a sample plan that can be tailored to meet the unique needs of your business. We can guide you step by step throughout the planning process, from assessing hazards to implementing safeguards to ensuring your plan stays up to date.


Snow & Ice Removal

Megson FitzPatrick, Insurance Brokers, Winter, Snow and Ice removal

Owners and managers of commercial property have an obligation to maintain safe conditions for employees and occupants. During the winter season, walkways, stairs, driveways, interior roadways and parking lots become slip and trip hazards as snow falls and ice forms. This is not only a safety hazard, it can also be an expensive legal issue for property owners, if an accident occurs.

To prevent injuries and minimize injury costs, commercial property owners should consider implementing a snow removal program using our checklist provided.

Download our free Snow and Ice Removal Checklist-2015

Host Liquor Liability- Know your risk exposure.

A bartender is legally liable for serving alcohol to a patron who becomes intoxicated and then injures a third party. Does a business face a similar exposure when it hosts a social event where alcohol is served, such as an open house or holiday party?
Anytime you provide alcohol to individuals in a non-commercial manner, you are considered a social host. Social hosts generally are not responsible for the acts of guests that consume alcohol. However, a social host may become responsible for the acts of their guests if their conduct creates or exacerbates a risk to the public. It is important to take the appropriate steps to control your risk.

Download our free whitepaper: Limiting Social Host Liquor Liability-2015.