The cyber threat of 2020 – as businesses all over the world sent employees to work from home at the beginning of the global pandemic – is well known. And the danger hasn’t disappeared. In fact, one report showed that serious cyber incidents have actually tripled over the past two years, driven by geopolitical factors such as the war in the Ukraine and technological advances in AI. The good news is that most businesses are aware of the challenge, with nearly 80% of Canadian business owners acknowledging the risk.
Canadian organizations are more aware and better equipped in 2025 than they were at the beginning of the pandemic. And, of course, with ever-evolving threats and more threat actors than ever before, it’s critically important that they stay on top of that risk.
The good news is that it’s a good time for Canadian business owners to purchase cyber coverage. There are more insurers, which means more competitive pricing for better coverage. Business owners are more knowledgeable overall, so they have already taken steps to demonstrate they are a good risk.
As a result, underwriters are actually becoming more flexible when it comes to who they are willing to insure. But that doesn’t mean they aren’t looking to insure the best risk possible. For businesses looking to strengthen their cyber security profile, consider these tips to improve insurability:
Stay on top of the tech. Your business shouldn’t be relying on old technology. Old technology comes with additional risks that you don’t need, and insurers won’t like to take on the extra risk, either. Similarly, it’s a good idea to outsource your Cloud storage; they are experts in cybersecurity and will do a better job protecting your data than you can.
Rely on specialists. Consider hiring experts to manage cyber security within your organization. Experts can stay on top of the threat in a way you can’t manage on your own. If you can’t afford that, arrange for support through outside risk services.
Restrict access. Many organizations allow a large number of employees to have access to specific accounts. From a security standpoint, however, it’s safer if only one or two leaders have access – and even safer if they have to cooperate to achieve access.
Awareness: Insurers need to know that your organization has a basic level of awareness around cyber security. This includes simple security precautions such as using strong passwords and multi-factor authentication (MFA), updating your software, backing up your data and securing your wireless network.
Campaigns: Work with an outsourced vendor who creates phishing campaigns to see how your employees react. These tests are looking for holes in your security awareness and protocols. Organizations with savvy employees will take extra precautions to protect the business: They won’t click on links without caution or answer questions on the phone without authentication.
Training: All employees need to be taught what to look for, especially since all too often it’s a seemingly innocent phone call or email that provides the leak. Employees that know what to watch for can provide a strong line of defense against breaches. Organizations that require regular cybersecurity training will find that they have fewer issues.
Karishma Gabriel is a commercial lines insurance broker with over 25 years of experience. She specializes in cyber liability, property and casualty, auto insurance and risk management across industries including real estate, manufacturing, healthcare and pension funds. Karishma works at Hub International