Tom Canterino

St. Thomas Insurance Company: The Best In Personalized Service

If you’re looking for the best insurance company in St. Thomas, look no further than Reith & Associates Insurance and Financial Services Limited! 

We offer personalized service that is second to none. Our agents will work with you one-on-one to find the right policy for your needs. We are committed to providing our customers with the highest quality of service possible, and we always put our clients first!

Our Agents Are Highly Experienced and Knowledgeable in All Aspects of the Insurance Industry

  • Our agents have many years of experience working with clients from a variety of backgrounds, so they understand what it takes to create a quality policy that meets your needs.
  • They will take the time to get to know you and your specific situation, so they can create a policy that truly works for you. Whether it’s auto insurance, home insurance, or life insurance – our agents have got you covered!

We Offer a Wide Range of Insurance Products to Suit Your Needs

  • At Reith & Associates, we understand that everyone’s needs are different, which is why we have such an extensive selection of insurance options available. Whether you’re looking for basic coverage or comprehensive protection, we can help you find the right policy to fit your unique situation.

We Are Transparent and Accessible – We Will Always Be There for You

  • At Reith & Associates, we pride ourselves on our commitment to customer service. Our agents are always available to answer your questions or address any concerns that you may have about your insurance policy. And because our clients come first, we make sure that all of our policies are clearly explained and easy to understand.
  • So if you’re looking for the best insurance company in St. Thomas, look no further than Reith & Associates Insurance and Financial Services Limited! We have the experience and expertise to help you find a policy that fits your needs – so contact us today and let’s get started!

We Are Highly Rated by Our Loyal Clients and the Local Community

  • Our reputation speaks for itself – we have been consistently rated as one of the top insurance companies in St. Thomas, due to our commitment to providing excellent service and support. Our clients trust us to keep them safe, which is why they keep coming back year after year!

Whether You’re a New Client or an Existing Customer, We Are Always Ready and Willing to Help

  • At Reith & Associates, we believe that everyone deserves the best possible insurance coverage, regardless of their situation. So no matter who you are or what your needs may be, our agents will work tirelessly to find the right policy for you. So don’t settle for anything less – contact us today and let’s get started!  
  • So if you’re looking for the best insurance company in St. Thomas, look no further than Reith & Associates Insurance and Financial Services Limited! Our agents are here to help you find the coverage that you need, so contact us today and let’s get started!

Tom Canterino

The Ultimate Guide To Insurance Company St. Thomas

If you are looking for a comprehensive guide to the insurance company St. Thomas, you have come to the right place. In this blog post, we will discuss all of the different types of insurance available in the St. Thomas area and provide you with information on how to choose the right policy for your needs. We will also provide tips on how to save money on your insurance premiums and get the best coverage possible!

What is the Ultimate Guide To Insurance Companies?

The ultimate guide to insurance companies is a comprehensive resource that provides information on all of the different types of insurance policies available in St. Thomas.

If you are looking for affordable coverage and expert advice, the ultimate guide to insurance companies is the perfect place for you.

This guide will help you navigate through the complex world of insurance, providing you with all of the information you need to make informed decisions about your coverage.

Whether you are looking for auto, home, life, or health insurance, the ultimate guide has everything you need to find the right policy for your needs.

How Do I Choose The Right Insurance Policy For My Needs?

There are many factors to consider when choosing an insurance policy, and it can be a daunting task to navigate the world of insurance on your own. That’s why it’s important to work with an experienced agent who can help you find the right coverage for your needs.

Some important things to think about when choosing an insurance policy include:

  • Your budget – What are you able and willing to spend on insurance premiums? Keep in mind that there is a wide range of policies available, so you can find affordable coverage even if you have a limited budget.
  • The type of coverage you need – Do you need auto insurance, life insurance, or home insurance? What about health and disability coverage? Make sure that the policy you choose provides adequate protection for all of your important assets and needs.
  • Your risk profile – How likely are you to be involved in an accident or incident that could lead to a claim? What is your health and financial situation? These are all important factors that will affect the type of coverage you need.
  • The reputation of the insurance company – Insurance companies can vary widely in terms of their level of service, customer satisfaction, and claims processing speed. Make sure that you do your research when choosing an insurance company, and opt for one that has a solid track record of providing great service to its clients.

How Can I Save Money On My Insurance Premiums?

There are many things you can do to save money on your insurance premiums, including:

  • Shopping around – Compare rates from different insurance companies in order to find the best deals. You may be surprised by how much you can save just by switching providers!
  • Bundling your policies – Many insurance companies offer discounts for bundling different types of policies, such as auto and home insurance. Talk to your agent about this option and see what kind of savings are available.
  • Maintaining a good credit score – Your credit score is often used to determine your insurance premiums, so maintaining a good score can help you save money on your coverage.

Overall, the ultimate guide to insurance companies in St. Thomas is an invaluable resource for anyone looking for affordable and reliable coverage. Whether you are just starting out or need to make changes to your existing policy, this guide has everything you need to make informed decisions about your insurance needs. So what are you waiting for? Start exploring the world of St. Thomas insurance today!

Nikki Johnson

Pitfalls of Directors & Officers Insurance with Private Companies

After assessing your company’s risks, you’ve made the decision to purchase Directors and Officers insurance. Now what?

It’s essential to know the ins and outs of your Directors & Officers (D&O) policy, including policy limits, what’s covered and, most importantly, what’s not. Why? Because you may assume you’re covered for a claim when policy exclusions could apply. As time-consuming as it may be, it’s critical to read the fine print in your policy, as the language in the exclusions may affect the coverage of potential claims.


Some exclusions that insurers and insureds dispute concern incidents that happened or allegedly happened before the D&O policy went into effect. In some cases, the insurer simply won’t cover the claim; in other cases, the insurer may render the policy void.

  • The Known Circumstances Exclusion. With this exclusion, the insurer will not pay for claims that arise from a negligent act, error, omission or personal injury that occurred prior to the start date of the D&O policy. The insurance carrier attests that the insured knew or could have foreseen that any of the above happened and could have been the basis for a claim. This exclusion is found more frequently in private and non-profit policies than in public company policies. What is especially important to note is that the premium is usually not returned to the insured if it is determined that they withheld their knowledge of circumstances that occurred prior to the start of the policy.

In the case of a rescission scenario, the premium is returned to the insured. Rescission means that the policy is rendered void after the insurer discovers that the insured answered untruthfully to any of the warranty questions on the insurance application. Warranty questions ask the applicant if they know of any fact, circumstance or situation that might reasonably be expected to give rise to a claim. Rescission also could occur if the applicant provided false or misleading information in the company’s financial data. These scenarios usually happen only in public company D&O policies.

  • Prior Acts Exclusion. Similar to the known circumstance exclusion, this exclusion is also concerned with pre-policy circumstances. The insurer is not responsible for wrongful acts committed or attempted before the coverage was enacted. A wrongful act is that which damages the rights of another. These acts are not only limited to criminal offences but can also include acts that result in civil lawsuits.

Other exclusions found in D&O policies revolve around the duty to defend and defense expenses in the event of a claim. If the insurer has the right and duty to defend, then it is able to select the insured’s defense and has greater control over the rates and billing practices of the defense counsel.

  • Reasonableness of Defense Fees. This is more prevalent in private company and non-profit D&O policies, as most of those policies give the insurer the right and duty to defend the insured’s claims, whereas public companies retain the right to choose their own defense counsel. If this is written into your D&O policy, it means that the insurer will only pay for “reasonable and necessary” defense fees. Some insurers also provide detailed information on litigation guidelines.
  • Consent to Settle and the Hammer Clause. If the insurance carrier has no duty to defend, such as in cases against public companies, then they have no right to settle the case when they want to settle it. As a result, the insured may elect to continue with litigation, even if that would exhaust the policy limit, because the defendants don’t want a settlement to be perceived as an admission of their wrongdoing or incompetence. This creates a lot of tension between insurers and the insured, especially if the insured does not include the insurer in the settlement discussion. Therefore, some insurance policies have a consent to settle exclusion in the policy, prohibiting the insured from settling the claim without the insurer’s prior written consent.

The hammer clause is similar to the consent to settle exclusion, although less common. Basically, the hammer clause informs the insured that if they go against the insurer’s recommendation to settle, the insured will be responsible for any judgment won by the plaintiff and legal fees that go beyond the settlement offer.

Most D&O insurers expect that D&O insurance is only a part of a company’s wider insurance portfolio. In some cases, however, this assumption doesn’t prove to be true. Certain firms may go without Umbrella insurance or even General Liability insurance policies, making D&O one of their only forms of insurance. Because of this, many D&O insurers write exclusions in their policies stating what claims they won’t cover because other types of insurance would potentially cover the claim.

  • “Other Insurance” Exclusions. D&O insurance is just one form of insurance in a comprehensive risk management plan for most companies. Because of this, most D&O policies have exclusions for claims that involve bodily injury, property damage and fiduciary claims, which could be covered by other types of insurance such as a Commercial General Liability policy or a Fiduciary Liability policy. To protect their best interests in the event of a claim, the insured should notify all insurers from their various policies, thus allowing the insurers to determine who is liable for the claim.
  • Contractual Liability Exclusion. This exclusion is especially pertinent to private companies and non-profits that have broad entity coverage under a D&O policy. Since contractual obligations are not liabilities imposed by law but rather an obligation that is voluntarily undertaken, many D&O policies have an exclusion that prevents insurers from having to cover contract-related claims, especially breaches of contract that arise when the company enters into a contract with another party.

When examining this exclusion in your D&O policy, make special note of the wording of this clause. This exclusion can substantially affect the extent of your coverage under the policy—the narrower the scope of the exclusion, the better for you.

D&O insurance protects directors and officers from poor business decisions, but most policies do not protect them from wrongful acts and gross misconduct. These exclusions include:

  • Conduct Exclusions. Most D&O policies have exclusions that deny coverage for certain types of misconduct. There are two categories of misconduct exclusions:
    • For loss relating to fraudulent or criminal conduct
    • For loss relating to illegal profits or remuneration to which the insured was not legally entitled.

It’s especially important to look at the wording on these exclusions in the policy; subtle wording differences can significantly impact the accessibility of the coverage.

  • Insured vs. Insured Exclusion. In some D&O cases, one insured director may bring a claim against another insured director, and some insurers do not want to cover this because they don’t want to get involved in the infighting between a company’s directors and officers.

Obtaining D&O insurance is important to protect the directors and officers of your company; but simply purchasing the policy won’t benefit you unless you know the extent of your coverage.

Do you understand your D&O insurance policy? Contact Reith & Associates Insurance and Financial Services Limited today for more information about your coverage and exclusions.

Dan Reith, Principal Broker
Reith & Associates Insurance and Financial Services Limited
Dan Reith BA(Hons) CAIB

Nikki Johnson

Importance of Insuring to Value for Commercial Property

Post-pandemic supply chain issues and inflationary pressures have certainly impacted the cost of living. Inflation and supply delays are not limited to groceries, vehicles and household items. Commercial/industrial materials and equipment have been equally impacted. The result has been tremendous delays in obtaining parts and new equipment, and inflation has driven up the cost of everything.

Monitoring of recent claims expense across the commercial sector makes it apparent that the inflation guard contained in most commercial property policies protecting buildings, stock, equipment and inventory has not been sufficient to bring standing limits to where they need to be amid the current upward inflationary spiral. As a result, a business that has not adequately adjusted/increased its insured limits will be prejudiced at the time of a claim. That is a fact. No insurance policy wording gives a pass because of radical inflation spikes caused by a pandemic. It is the responsibility of the policyholder to make certain the insured limits for buildings, stock, equipment, inventory, etc. (all real property insured under the policy) are sufficient to afford the replacement of lost items NEW for OLD. Now, if your policy is written with an Actual Cash Value (ACV) claims settlement, then the impact may be lesser, but there is still a negative impact as the cost of “new” is so much higher today.

When purchasing or renewing their commercial property insurance, it’s vital for businesses to ensure such coverage includes correct property valuations. Doing so can make all the difference in providing sufficient protection and preventing coinsurance penalties amid covered property losses. That’s where conducting accurate insurance-to-value (ITV) calculations comes into play. Generally speaking, ITV refers to an approximation of the full cost to replace or restore insured property.

Businesses may end up with inaccurate ITV calculations for a wide range of reasons—whether it stems from leveraging ineffective property valuation methods, intentionally underestimating costs in efforts to secure reduced premiums or being impacted by factors outside of their control (e.g., inflation). Regardless, such inaccuracies are all too common. In fact, an estimated 70 per cent of commercial properties are underinsured by 40 per cent or more, according to industry data.

With these findings in mind, it’s evident that businesses need to take commercial property valuations seriously. This article offers more details on ITV, outlines factors to consider when determining a property’s value, explains the pitfalls of property undervaluation and provides best practices for improving property valuation measures.

ITV Explained

An accurate ITV calculation represents as close to an equal ratio as possible between the amount of insurance a business obtains and the estimated value of its commercial property—thus ensuring adequate protection following property losses.

However, it’s important to keep in mind that a property may be assigned several different values, including the following:

  • Market value—This value is an estimate of what a property could be sold for in the present real estate market. The market value of a property is based on elements such as lot size, building condition and location desirability. 
  • Assessed value—This value is an estimate generated by the municipality where a property is located. Such a value is typically utilized to determine local property taxes.
  • Replacement value—This value is an estimate of the current cost to replace or rebuild a property. The replacement value of a property depends on characteristics such as material and labour expenses, architect services, debris removal needs and building permit requirements.

Generally, insurance experts recommend using the replacement value of a property to conduct correct ITV calculations. Common approaches to accurately estimating this value include getting a property appraisal from a third-party firm, leveraging fixed-asset records that have been adjusted for inflation or relying on a basic benchmarking tool.

While appraisals often require more time and resources than other property valuation methods, they are largely deemed the most thorough and accurate.

Factors Impacting Property Value

Apart from utilizing replacement value estimates within ITV calculations, businesses should consider the following factors to determine correct property valuations:

  • Direct and indirect expenses—In addition to direct costs, such as material and labour expenses, property valuations should incorporate indirect costs, such as consulting fees, engineering services and other expenses not directly associated with rebuilding.
  • Property age—In the case of older structures, property valuations should include additional construction costs that may arise from upgrading outdated building materials and equipment.
  • Building codes—Older properties may also require certain modifications amid the rebuilding process to comply with modern building codes (e.g., plumbing improvements, energy efficiency upgrades, sprinkler system changes and safety enhancements). These adjustments may further compound construction costs, driving up property valuations.
  • Property accessibility—Properties situated at steep locations or adjacent to neighbouring structures may need to have bracing or other safety measures put in place during demolition and rebuilding operations to ensure accessibility. These measures should also be factored into property valuations.
  • Unique features—Some custom property elements (e.g., stained glass) could necessitate specialized construction work, elevating rebuilding costs. Therefore, it’s crucial for these unique features to be incorporated into property valuations.

Consequences of Property Undervaluation

Businesses could face a number of ramifications if they conduct inaccurate ITV calculations and undervalue their properties. Namely, businesses may lack sufficient coverage following property losses, forcing them to pay out-of-pocket expenses in order to fully rebuild. Depending on the severity of property losses and associated rebuilding operations, paying these costs out of pocket could lead to major financial setbacks and—in certain scenarios—bankruptcy.

Additionally, property undervaluation can sometimes result in coinsurance penalties. Most commercial property insurance policies include coinsurance clauses, which encourage policyholders to carry reasonable and accurate amounts of coverage. Under a coinsurance clause, a policyholder is subject to a penalty—generally, a reduced payout—if their coverage limit is not at least equal to a predetermined percentage of the value of their property.

Ways to Improve Property Valuations

Here are some additional best practices businesses can review to help ensure accurate ITV calculations and improve their property valuation measures:

  • Find a reputable appraiser. Third-party appraisals are considered the gold standard in property valuations by insurers, as they offer reassurance that calculations were conducted by experienced and objective professionals. As such, it’s vital to secure a trusted and reputable appraiser.
  • Consult other parties. Determining the value of a property should be a team effort. Make sure to compile a variety of property data from multiple qualified parties (e.g., accountants, contractors, real estate experts, risk managers, insurance professionals and chief financial officers) when making valuation decisions.
  • Make updates as needed. The value of a property is always changing. This means it’s imperative to update property valuations on a regular basis. For instance, appraisals should be conducted at least every three to five years. Take note that property valuations may need to occur even more often. The frequency will depend on factors such as changing property exposures, altered operations, building upgrades or modifications, the implementation of new technology or equipment on-site, shifting market conditions and property construction trends (e.g., inflated labour and material costs). It’s best to work closely with trusted insurance professionals when updating property valuations to maintain ample coverage and prevent coinsurance penalties.


Ultimately, it’s clear that correct property valuations are critical in securing adequate commercial property insurance. By better understanding how to conduct accurate ITV calculations, businesses can stay protected when covered events occur and avoid potential coinsurance penalties.

Contact Reith & Associates today for additional insurance guidance and solutions.

Dan Reith, Principal Broker
Reith & Associates Insurance and Financial Services Limited
Dan Reith BA(Hons) CAIB

Nikki Johnson

Insuring Your Intellectual Property

As intellectual property becomes a vital part of more firms’ assets, businesses must consider the additional exposures they face. There are several types of intellectual property protected under federal law: trademarks, copyrights, patents, trade dress and trade secrets. To help protect your business, there are two types of intellectual property coverage available: the first protects a company sued for infringement by paying for legal defense, and the second helps pay the legal expenses of suing an alleged infringer.

If your company could be sued by a competitor for infringement or intellectual property theft, or you do not have the funds to cover legal fees associated with defending your patent or trademark, it is vital that you purchase coverage. Defending infringement litigation can cost hundreds of thousands of dollars, not including the cost of damages and prejudgment interest. In patent infringement cases, attorney’s fees can easily top $1 million.

Budgeting and planning for the protection of intellectual property rights may not only save your company a significant amount of capital; it may also help keep your business viable when legal bills accumulate rapidly. There are several options to cover these exposures: the “advertising injury” provision in the standard Commercial General Liability policy, endorsements to Errors and Omissions policies and specialized policies offered by certain insurers specifically designed for the protection of intellectual property rights.   

Commercial General Liability Policy – Advertising Injury

The Commercial General Liability Policy, or CGL, is a standard liability policy offering broad coverage. Coverage for an advertising injury often falls under Coverage B in a CGL. Any act by the insured that somehow violates or infringes on the rights of others (referred to in the policy as an offence) is the subject of personal and advertising injury liability coverage, although only those acts that are specifically listed in the policy are covered. The coverage under the “advertising injury” provision is limited to those injuries that are directly related to the advertisement. Therefore, the policy covers debts owed by the insured party due to claims filed against it.

Coverage B policyholders are sometimes covered in cases relating to trademark infringement; however, copyright claims are only successful where they are directly related to advertising, and patent claims are rarely covered under the “advertising injury” provision. The cases which allow for coverage in a patent infringement case are generally limited to instances in which a court finds contributory infringement or inducement to infringe through an advertising medium. Since the “advertising injury” provision in a standard CGL is rather limited, many businesses consider additional coverage.

Special Endorsements and Policies

Beyond the CGL, specialized policies can be better suited to a business’s unique exposures. These are Errors and Omissions liability policy endorsements that can vary in focus from media and communications to patent infringement. Note that these policies have not been the subject of much litigation, and therefore, judicial guidance on coverage determinations is comparatively limited. It is important to consider multiple carriers, since available coverage varies widely from carrier to carrier.

Infringement Defence and Abatement Insurance

A third option relates primarily to patents, though riders for copyrights and trademarks may be available. Carriers have developed policies specific to intellectual property, generally with patents in mind. In relation to patents, there are three basic policy types: defense and indemnity, defense only and offensive, or infringement, abatement insurance.

A defense and indemnity policy provides defense coverage in a patent infringement suit and, if the party in question is found liable, pays for damages, including prejudgment interest. A defense only policy, much like it sounds, covers only the cost of defense and does not cover damages awarded to the successful party. In addition, an offensive policy covers only the costs of pursuing an infringer. Certain carriers will amend some of the above-mentioned policies to include endorsements for trademark and copyright infringement for an additional premium.

Exclusions to Coverage

In addition to special exclusions, there is a general exclusion to the CGL stating that there is no coverage “for an offence committed by an insured whose business is advertising, broadcasting, publishing or telecasting.” With the increase in claims, many carriers are drafting exclusions that specifically omit coverage for copyrights that fall outside of infringement of copyrighted advertising materials, patents, trademarks and the like.

It is important to be aware of the exclusions to any policy that you purchase. The most common exclusions specified in intellectual property policies are for willful infringement, anti-trust violations, infringement existing or known on the effective date of the policy and criminal acts.

Asserting Coverage

To maximize coverage, there are a number of steps that your company should follow. Failure to investigate the existence of coverage in a timely manner can absolve a carrier of liability and create grounds for a malpractice case against the intellectual property legal counsel. While courts have held outside intellectual property counsel liable for failure to pursue coverage determinations, companies should still proactively recognize and review the potential for insurance coverage for protection of their intellectual property assets.

  1. If a claim has been asserted against your company, you have a duty to notify your carrier. In fact, notifying your carrier immediately is in your best interest because a delay could be grounds for denying coverage. In the case where a formal complaint has been served on the company, the following six steps are recommended.
  2. The policy or policies should be analyzed by counsel to determine under which policies the claim may be covered. In this step, the complaint should be closely examined for types of issues raised and should be compared to the relevant policy clauses.
  3. The company should promptly tender defense to the carrier. In the tender, all policies that may provide coverage should be identified, including the specific clauses.
  4. Demand a prompt response to the tender. If a sufficient extension of the time to answer is not granted, it is possible that a response to the complaint will be due prior to the issue of coverage being resolved. If that is the case, then defense counsel should be retained until the issue of coverage is determined.
  5. Review the carrier’s response to the company’s tender. The carrier may accept defense; it may defend under a reservation of rights; the carrier or the policyholder may seek a declaratory judgment for a coverage determination; or it can reject tender.
  6. If there is a conflict in the interests of the carrier and the policyholder, the policyholder should insist on the right to control the litigation and should further insist upon independent counsel.
  7. Be diligent about which documents are shared with the carrier, especially in cases where the carrier has reserved its rights to deny coverage. While the policyholder has a duty to cooperate with the carrier, in a case where a reservation of rights to deny coverage has been tendered, the production of certain documents to the carrier could result in the waiver of the attorney-client privilege as to the subject matter of the produced documents.

Comparing Policies

Insuring your company’s intangible assets and its liability is a vital part of risk management. Insurance for both infringement of intellectual property and for an assertion of infringement against your company can provide financial security and peace of mind.

Reith & Associates will compare your desired coverage to the specifically named offences in policies based upon enumerated risks and will examine any exclusions that may weaken the coverage you seek. We are skilled at identifying the perils associated with intellectual property and high-technology companies, and we can assist you in selecting the right policy. Let us help you protect your most precious assets. Contact us today to ensure that the coverage you buy meets your needs in today’s marketplace.

Dan Reith, Principal Broker

Principal Broker
Reith & Associates Insurance and Financial Services Limited

Nikki Johnson No Comments

Penetration Testing & Minimizing Cyber Attacks


Keeping workplace technology up and running is vital to any organization’s success. While this task seems feasible, it’s growing harder and harder each year as cybercriminals expand their reach. It’s not enough to simply protect workplace technology with software and security protocols. It’s also critical for your organization to test the overall effectiveness of these protocols on a regular basis. That’s where penetration testing can help.

Essentially, penetration testing consists of an IT professional mimicking the actions of a malicious cybercriminal to determine whether an organization’s workplace technology possesses any vulnerabilities and can withstand their attack efforts. Conducting a penetration test can help your organization review the effectiveness of workplace cybersecurity measures, identify the most likely avenues for a cyberattack and better understand potential weaknesses.

Review this guidance to learn more about what penetration testing is, the benefits of such testing and best practices for carrying out a successful test within your organization.

What Is Penetration Testing?

Put simply, penetration testing refers to the simulation of an actual cyberattack to analyze an organization’s cybersecurity strengths and weaknesses. This testing usually targets a specific type of workplace technology, such as the organization’s network(s), website, applications, software, security systems or physical assets (e.g., computers and smart devices). Penetration testing can leverage various attack methods, including malware, social engineering, password cracking and network hacking, among others.

Penetration testing is often performed by a professional from a contracted IT firm who is not associated with the organization being assessed in any way. This helps the cyberattack simulation seem as authentic as possible. Penetration testing is typically either external or internal in nature. The primary differences between these forms of testing are as follows:

  • External penetration testing requires the IT expert to attack an organization’s external-facing workplace technology from an outside perspective. In most cases, the IT professional won’t even be permitted to enter the organization’s physical establishment during external penetration testing. Rather, they must execute the cyberattack remotely—often from a vehicle or building nearby—to imitate the methods of an actual cybercriminal.
  • Internal penetration testing allows the IT expert to attack an organization’s internal-facing workplace technology from an inside perspective. This form of testing can help the organization understand the amount of damage that an aggrieved employee could potentially inflict through a cyberattack. 

In addition to these testing formats, there are also two distinct types of penetration tests. How much information an organization provides the IT professional prior to the cyberattack simulation will determine the penetration test type. Specifically:

  • An open-box test occurs when the IT expert is given some details regarding the organization’s workplace technology or cybersecurity protocols before launching the attack.
  • A closed-box test occurs when the IT expert is provided with no details other than the organization’s name before conducting the attack.

Ultimately, the penetration testing format and type should be selected based on the particular workplace technology elements or cybersecurity measures that an organization is looking to evaluate.

Benefits of Penetration Testing

Penetration testing can offer numerous advantages to your organization, including:

  • Improved cybersecurity evaluations—By simulating realistic cyberattack situations, penetration testing can help your organization more accurately evaluate its varying security strengths and weaknesses—as well as reveal the true costs of any security concerns.
  • Greater detection of potential vulnerabilities—If any of your workplace technology or other cybersecurity protocols fail during a penetration test, you will have a clearer picture of where your organization is most vulnerable. You can then use this information to rectify any security gaps or invest further in certain cyber initiatives.
  • Increased compliance capabilities—In some sectors, organizations are legally required to engage in penetration testing. For example, the Payment Card Industry Data Security Standard calls for organizations that accept or process payment transactions to execute routine penetration tests. As such, conducting these tests may help your organization remain compliant and uphold sector-specific expectations.
  • Bolstered cybersecurity awareness—Mimicking real-life cyberattack circumstances will highlight the value of having effective prevention measures in place for your employees, thus encouraging them to prioritize workplace cybersecurity protocols.

Penetration Testing Best Practices

Consider these top tips for executing a successful penetration test within your organization:

  • Establish goals. It’s crucial for you to decide what your organization’s goals are regarding the penetration test. In particular, be sure to ask:
      • What is my organization looking to gain or better understand from penetration testing?
      • Which cybersecurity threats and trends are currently most prevalent within my organization or industry? How can these threats and trends be applied to the penetration test?
      • What specific workplace technology elements or cybersecurity protocols will the penetration test target?
  • Select a trusted IT professional. Consult an experienced IT expert to assist your organization with the penetration test. Make sure to share your organization’s goals with the IT professional to help them understand how to best execute the test.
  • Have a plan. Before beginning the penetration test, work with the IT expert to create an appropriate plan. This plan should outline:
      • The general testing timeframe
      • Who will be made aware of the test
      • The test type and format
      • Which regulatory requirements (if any) must be satisfied through the test
      • The boundaries of the test (e.g., which cyberattack simulations can be utilized and what workplace technology can be targeted)
  • Document and review the results. Take detailed notes as the penetration test occurs and review test results with the IT expert. Look closely at which cybersecurity tactics were successful during the attack simulation and which measures fell short, as well as the consequences of these shortcomings. Ask the IT professional for suggestions on how to rectify security gaps properly.
  • Make changes as needed. Based on penetration test results, make any necessary adjustments to workplace technology or cybersecurity protocols. This may entail updating security software or revising workplace policies.
  • Follow a schedule. Conduct penetration testing at least once every year, as well as after implementing any new workplace technology.

For more risk management guidance and insurance solutions, contact us today.

Dan Reith, Principal Broker

Dan Reith

Principal Broker
Reith & Associates Insurance and Financial Services Limited
Dan Reith BA(Hons) CAIB