Toronto, ON —

July 4, 2025 — As ransomware incidents and data breaches continue to spike across Canada, many mid-sized firms are now finding themselves priced out of the very protection they need most: cyber insurance.

According to a new report from the  Maple Risk Institute, premiums for cyber liability coverage in Canada have risen by an average of 41% year-over-year, with some sectors — including legal services, logistics, and private healthcare — seeing even steeper increases or flat-out denials.

“Insurers are spooked,” said Arjun Patel, a senior risk analyst at Maple Risk. “Claims are skyrocketing, and the underwriting models weren’t built for this volume or complexity of cyber incidents.”

One major driver, Patel says, is a wave of quiet ransomware settlements, particularly after last year’s high-profile breach at Regal Processing Group, a national payroll processor that reportedly paid a seven-figure ransom to avoid a class-action lawsuit from affected clients.

“The insurers paid out quietly, but now they’re passing those losses straight down the chain,” he added.

A Shrinking Pool

Of the 12 major insurers that offered cyber liability coverage in Canada in 2022, only seven are actively writing new policies today, and many have added stringent preconditions, including mandatory penetration testing and proof of MFA enforcement across all endpoints.

“For a lot of companies, especially outside urban tech hubs, these conditions are unrealistic,” said Tara Muir, COO of logistics firm NorthTrak Freight. “We’re being told to upgrade our security stack or be denied coverage — but we can’t afford the upgrades without the coverage.”

A Risk Spiral in Progress

Experts warn that without accessible insurance, smaller firms may choose to underreport or hide breaches, leading to downstream damage in interconnected supply chains and customer networks.

“The cyber risk spiral is real,” said Patel. “Less coverage means more exposure, which means more cautious insurers, which means even less access.”

Government regulators have yet to propose a cyber insurance backstop or subsidy, though internal Treasury Board memos — leaked earlier this month — reportedly cite it as a “long-term consideration” under national risk modeling.

Following the risk behind the ROI. — Leila Park

Toronto, ON — 

July 25, 2025 — As Canadian firms scramble to review their cybersecurity posture in the wake of recent government warnings about state-aligned threat actors, some experts warn that many businesses are still failing to translate lessons into action, even when the wake-up calls are happening at home.

In an exclusive interview with ODTN News, Dr. Emilie Zhang, a professor of digital risk and enterprise resilience at the fictional Northland Institute of Technology, says too many Canadian firms are treating cyber threats like distant hypotheticals, not immediate business risks.

“The breaches have already happened here — in our supply chains, our telcos, our utilities. From RedLake to Trinexus to the CanPharma attack, these were not drills,” said Zhang. “But we’re still acting like someone else will handle it.”

Her comments follow last week’s unprecedented joint alert from the Federal Office of Data Integrity (FODI) and the Cybersecurity Oversight Commission of Canada (COCC), which warned of “imminent risk of sustained cyber attacks” against critical government infrastructure.

Zhang, however, believes that the business community is the real soft target.

“Governments may move slowly, but at least they’re moving. A lot of companies still treat cybersecurity like IT plumbing; invisible until it breaks.”

A Pattern of Ignored Warnings

Over the past three years, multiple major Canadian firms have fallen victim to preventable breaches:

• RedLake Freight Systems (2022): A ransomware event shut down logistics operations across three provinces for nearly a week, exposing payroll records and driver credentials.
• Trinexus Solutions (2023): A supplier to provincial health authorities suffered a supply chain compromise that led to the leak of anonymized but re-identifiable patient datasets.
• CanPharma Group (2024): A cloud misconfiguration exposed nearly 1.2 million prescription histories, prompting a joint privacy investigation in Ontario and B.C.

Despite these incidents, Zhang says the same mistakes keep repeating.

“Weak MFA, poor vendor controls, no tabletop exercises. These aren’t zero-day exploits — they’re zero-effort breaches.”

Budget Paralysis and the Illusion of Safety

A recent report by the fictional Canadian Association of Corporate Risk Officers (CACRO) found that 59% of mid-sized firms had not reviewed their incident response plans in over a year, and only 21% had conducted a third-party penetration test since 2022.

“Executives will spend $3 million on rebranding, but flinch at $30,000 for a red team audit,” said Marc Rousseau, a Quebec-based cybersecurity consultant. “There’s still this mindset that good luck is a strategy.”

Zhang argues that Canada is entering a critical learning window.

“We have the advantage of hindsight — not just from abroad, but from our own backyard. But the clock’s ticking. If we don’t treat cyber resilience like a core business function, we’re going to lose more than data.“

Following the risk behind the ROI. — Leila Park

ODTN News’ Ayaan Chowdhury contributed to this report.

Vancouver, BC —

Cyber lead signals confidence in outsourced security as internal fatigue quietly builds.

July 21, 2025 — In an exclusive interview with ODTN News, Dr. Kavita Sandhu, Chief Information Security Officer at siberX Mart, defended the company’s growing reliance on managed security providers (MSPs), brushing aside recent reports of staff turnover and escalating workload among internal cyber teams.

“We’re aligned with top-tier security vendors who understand our environment deeply,” said Dr. Sandhu. “That trust allows us to stay focused on what matters — keeping systems resilient without bottlenecking innovation.”

Calm Above, Friction Below

The statement follows weeks of reports across the retail sector pointing to increased burnout among in-house IT and security professionals. But Dr. Sandhu framed ODTN Mart’s security posture as proactive and balanced, citing regular audits and “well-tested partnerships” as proof of stability.

“This is a time for smart delegation,” she added. “You don’t build resiliency by overextending — you build it by knowing when to let your partners lead.”

Still, multiple former siberX Mart cyber staff, speaking off record, described the environment inside the SOC as “high-volume, low-voice” — a place where alerts are constant, but executive engagement is increasingly distant.

“The dashboards light up. The tickets queue. But no one asks how we’re doing — just whether the SLA is met,” one former analyst said.

A Familiar Pattern?

Cyber governance researchers say siberX Mart’s model reflects a growing trend among large Canadian enterprises: optimizing visibility and reporting over direct investment in internal resilience.

“MSPs offer scale and flexibility,” said Dr. Aashir Rao, fellow at the Western Institute for Civic Integrity (WICI). “But overdependence on external coverage creates blind spots — especially when internal teams are understaffed and overstretched.”

Dr. Sandhu disagrees.

“We run drills. We run diagnostics. And we still run lean — by design. There’s no evidence that bloat equals better protection.”

Confidence, or Containment?

When asked whether her team had flagged recent retail sector “data harmonization conflicts” as potential precursors to larger systemic issues, Dr. Sandhu declined to comment, citing ongoing reviews.

She did, however, reinforce her central message:

“The frontline is shifting. The question isn’t whether you outsource — it’s whether you do it with eyes wide open. At siberX Mart, we do.”

Following the risk behind the ROI. — Leila Park

ODTN News’ Mira Evans & Ayaan Chowdhury contributed to this report.