Skip to Main Content

Cyber Security

Trends affecting Canada’s cyber insurance market

July 4, 2024 | By: Mahan Azimi, Manager, Catastrophic Risk Policy, IBC
Trends affecting Canada’s cyber insurance market

Canada’s cyber insurance market has grown significantly in recent years, potentially due to increased awareness of cyber threats and improved underwriting controls. According to Insurance Bureau of Canada’s (IBC’s) latest report on cyber insurance trends, cyber liability premiums increased from $18 million in 2015 to $550 million in 2023. (These figures likely underestimate the size of Canada’s cyber insurance market.)

However, claim frequency and severity have outpaced this growth. Financial results show a combined ratio averaging 153% from 2019 to 2023, meaning that insurers paid out $1.53 in claims and operating expenses for every $1 earned in premiums.

The cyber insurance market, though, has been stabilizing over the last couple of years due to insurers gaining a better understanding of cyber risk, improving underwriting standards and providing more tailored products. The market has also witnessed increased capital flow, which invites more competition and leads to better coverage terms. 

As well, insurers are clarifying coverage areas, addressing exposure in policies not specifically designed to cover cyber risk, refining policy wordings, and explicitly excluding cyber warfare and state-sponsored attacks from coverage. Enhanced underwriting practices now require stringent cyber security controls, reflecting a mature risk management approach.

While these new controls are leading to more stability, data breaches are becoming costlier: The average cost of a data breach reached $6.9 million in Canada in 2023, with widespread cyber crime and cyber insecurity ranking high among global industry leaders. Ransomware attacks also began to ramp up in the first half of 2023 as cyber criminals found new tactics and vulnerabilities to exploit. For example, artificial intelligence has helped to automate the tasks required to carry out an attack, making them more efficient and harder to detect.

The risk of large-scale cyber events that impact multiple organizations globally remains significant. Such events can propagate through industries due to interconnected digital systems and shared services, resulting in widespread economic repercussions. Internationally, there are ongoing discussions, particularly in the United States, about a governmental backstop for such worldwide catastrophic cyber events. This backstop would provide financial support to claims that overwhelm insurers’ capacity. The International Counter Ransomware Initiative is also working to strengthen cyber security and awareness, with all 50 member countries publicly denouncing ransom payments in 2023.

The Government of Canada is investing in cyber security through its 2024 Budget and Enterprise Cyber Security Strategy with the aim of enhancing defence and resilience. Canada’s renewed cyber security strategy focuses on economic prosperity and citizen safety in the digital era.

IBC supports the efforts of businesses to increase their cyber resilience and understand risk mitigation measures, such as cyber insurance, through its annual Cyber Savvy Canada public education campaign, which includes education through media and online channels. IBC also shares its Cyber Savvy research on employee actions that could compromise their employer’s cyber security or data safety, and small and medium-sized business (SME) owners’ attitudes toward cyber risk.

IBC has created a cyber insurance self-assessment tool for SME owners considering a cyber insurance policy. This 10-question assessment can help them learn about cyber security protocols and the best practices that most cyber insurers look for when assessing risk and poses some of the same questions in the application process. The campaign aims to help SMEs find the right cyber insurance coverage while emphasizing that security and cyber vigilance should always be the first line of defence.

The assessment and other security resources for SME owners are available at

About This Author

Mahan Azimi serves as the Manager of Catastrophic Risk Policy within the Catastrophic Risk and Climate Policy team at IBC, where he oversees initiatives related to flood, earthquake, and cyber risks. He also plays a key role in corporate and strategic planning.

Prior to joining IBC in 2021, Mahan gained valuable experience working in the federal government and in private sector consulting. Mahan holds a master’s degree in political science from York University and a bachelor of arts from the University of Toronto.