Cybersecurity is top of mind for many businesses in 2025. And for good reason.
An October 2024 Canadian Internet Registration Authority (CIRA) survey found that 44% of organizations reported a cyber attack in the previous 12 months. More than a quarter of the cybersecurity professionals involved reported that it hurt their company’s reputation (28%) and cost them customers (26%).
A key part of mitigating the risk of cyber incidents is having the right cyber insurance coverage that not only covers the costs of restoring systems following a cyber event but also offers proactive advice and support to help navigate the incident.
Aviva Cyber Insurance for Business is a comprehensive insurance plan for a wide range of cyber risks. A critical component is its partnership with Cyberscout®, a TransUnion® brand, one of the world’s largest providers of concierge cyber services and support. Staffed by dedicated and experienced incident coordinators, Cyberscout helps commercial policyholders respond to cyber incidents with speed, precision, and efficiency.
What does a commercial cyber claim process look like? We’re sharing one business’s experience* with Aviva and Cyberscout.
The breach
The business owner first detected a problem when she attempted to open a customer’s file. The information was encrypted into an indecipherable code. Quickly, she tried another file, then another. She was unable to read any of them and suspected a cyber incident.
She reported the issue via Aviva’s 24/7 bilingual cyber helpline serviced by Cyberscout. The incident coordinator immediately engaged the appropriate resources, including a forensic specialist who quickly determined the breach was part of a cyber attack on a third-party software solution. The business owner was one of many companies affected.
The response
While the extent of the breach was being investigated, Cyberscout advised the business owner on how to report the incident to the right authorities. She informed the RCMP, the Canadian Anti-Fraud Centre, the Office the Privacy Commissioner of Canada and the regulatory body for her industry.
Working with the business’s counsel, Cyberscout helped her create a template for an email she could use to notify the more than 4,000 customers that could have been affected, making sure it was compliant with applicable regulations, and included a list of FAQs to help customers understand it all.
They also set up a toll-free contact centre to answer any questions customers might have when they received the notification of the breach event. While these are part of the standard proactive services that Cyberscout provides, each response is customized to a business’s unique needs.
If there’s a potential privacy issue, you don’t want to do anything unnecessarily because it could negatively impact the business. They don’t just check boxes but carefully consider an appropriate response for each incident.
The resolution
Ultimately, it was determined that the cyber attack was the work of a “grey hat hacker” — someone with a curiosity or desire to improve cybersecurity — who wanted to demonstrate the vulnerability of the third-party software.
When a more serious data breach is suspected, Cyberscout may advise that the insured company provide a year’s worth of credit monitoring and dark web monitoring for all potentially affected customers.
Part of Cyberscout’s services include helping businesses process their cyber claims and deploying teams that specialize in ransomware, extortion, and liability. They work hand in hand with Aviva to make it as seamless as possible.
Prioritize cyber security in 2025
More than 40% of cyber security decision-makers surveyed by the CIRA reported that they’ve made changes to their organization’s cyber security approach in response to increased risks over the past year.
Looking for more information?
Talk to your insurance broker to learn more about Aviva’s Cyber Insurance for Business. Enhanced coverage options include Misdirected Payment Fraud protection — commonly known as Social Engineering Fraud — and “bricking” coverage that covers the cost to replace electronic hardware permanently impacted by a cyber incident. You can also choose from curated coverage options to meet the specific needs of your business.
*Anonymized to protect the identity of the business
