Business
Insurance Without a Safety Net? Canadian Firms Face Premium Hikes Amid Cyber Liability Crisis
Toronto, ON — July 4, 2025 — As ransomware incidents and data breaches continue to spike across Canada, many mid-sized firms are now finding themselves priced out of the very protection they need most: cyber insurance.
According to a new report from the Maple Risk Institute, premiums for cyber liability coverage in Canada have risen by an average of 41% year-over-year, with some sectors — including legal services, logistics, and private healthcare — seeing even steeper increases or flat-out denials.
“Insurers are spooked,” said Arjun Patel, a senior risk analyst at Maple Risk. “Claims are skyrocketing, and the underwriting models weren’t built for this volume or complexity of cyber incidents.”
One major driver, Patel says, is a wave of quiet ransomware settlements, particularly after last year’s high-profile breach at Regal Processing Group, a national payroll processor that reportedly paid a seven-figure ransom to avoid a class-action lawsuit from affected clients.
“The insurers paid out quietly, but now they’re passing those losses straight down the chain,” he added.
A Shrinking Pool
Of the 12 major insurers that offered cyber liability coverage in Canada in 2022, only seven are actively writing new policies today, and many have added stringent preconditions, including mandatory penetration testing and proof of MFA enforcement across all endpoints.
“For a lot of companies, especially outside urban tech hubs, these conditions are unrealistic,” said Tara Muir, COO of logistics firm NorthTrak Freight. “We’re being told to upgrade our security stack or be denied coverage — but we can’t afford the upgrades without the coverage.”
A Risk Spiral in Progress
Experts warn that without accessible insurance, smaller firms may choose to underreport or hide breaches, leading to downstream damage in interconnected supply chains and customer networks.
“The cyber risk spiral is real,” said Patel. “Less coverage means more exposure, which means more cautious insurers, which means even less access.”
Government regulators have yet to propose a cyber insurance backstop or subsidy, though internal Treasury Board memos — leaked earlier this month — reportedly cite it as a “long-term consideration” under national risk modeling.
Following the risk behind the ROI. — Leila Park