Cyber threats are no longer a distant concern for Canadian businesses—they are an everyday reality. Ransomware attacks, data breaches, and the financial fallout of cyber incidents have pushed more companies to secure cyber insurance, but coverage is evolving rapidly.

A survey commissioned by the Canadian Internet Registration Authority (CIRA) highlights this shift. Conducted in mid-2024, the study examined cybersecurity decision-making across 500 Canadian businesses with at least 50 employees. The findings paint a clear picture: 82% of organizations now have cyber insurance, compared to just 59% in 2021.

The Rising Price of Cybercrime

The financial toll of cyber incidents continues to climb. According to IBM’s Cost of a Data Breach Report 2024, the average cost of a data breach has reached US$4.88 million—driven by lost business, incident response costs, and recovery expenses.

Ransomware is one of the biggest culprits. The CIRA survey found that 28% of Canadian businesses fell victim to a ransomware attack in 2024, up from 17% in 2021. Alarmingly, among those targeted, 79% paid the ransom, with the most frequently paid amounts falling between $50,000 and $100,000.

Despite these numbers, many businesses prefer to handle cyber incidents discreetly. While Canadian law requires organizations to report significant breaches to privacy regulators and affected individuals, few voluntarily involve law enforcement. This reluctance may be linked to reputational concerns—28% of businesses cited reputational damage as a major consequence of a cyber breach in 2024, up from just 6% in 2018.

However, this silence comes at a cost. IBM’s research suggests that companies could save up to US$1 million by engaging law enforcement early in a ransomware incident. Authorities can often help contain breaches faster, reducing overall damages.

Shifting Insurance Policies: Tighter Requirements and Higher Costs

As demand for cyber coverage grows, insurers are tightening their policies. Businesses with existing cyber insurance report that their providers have made significant changes, including:

  • New security verification requirements (39%)
  • Higher premiums (38%)
  • Stricter eligibility criteria (37%)
  • Reduced ransomware reimbursement (30%)

Not all cyber insurance is structured the same way. Of the companies with coverage, 42% had a standalone cyber policy, while 40% had cyber protection bundled within a broader business insurance policy.

What This Means for Businesses

The cyber insurance landscape is evolving quickly, and businesses need to keep pace. Simply holding a policy is no longer enough—companies must actively meet insurers’ security requirements, budget for rising premiums, and make informed decisions about handling ransomware incidents.

For those navigating cyber risk, investing in proactive security measures and engaging the right response teams early can make all the difference in reducing long-term costs and business disruption.

_________________________________________________________

Jenny is a business insurance broker with Waypoint Insurance. She can be reached at 604-317-6755 or jhansen@waypoint.ca. Connect with Jenny on LinkedIn at https://www.linkedin.com/in/jenny-holly-hansen-365b691b/.  Connect with Jenny at BlueSky: https://bsky.app/profile/jennyhollyhansen.bsky.social

Jenny Holly Hansen is a cohost with Chris Sturges of the Langley Impact Networking Group. You are welcome to join us on Thursday’s from 4pm to 6pm at: Sidebar Bar and Grill: 100b - 20018 83A Avenue, Langley, BC V2Y 3R4

Tags:  #Jenny Holly Hansen #Randsom #Cybercrime #Canadian Internet Registration Authority (CIRA) #Cyber Insurance #Cyber Threats #Cyber Security

Share this article
The link has been copied!