+353-1-416-8900REST OF WORLD
+44-20-3973-8888REST OF WORLD
1-917-300-0470EAST COAST U.S
1-800-526-8630U.S. (TOLL FREE)

Canada Cyber (Liability) Insurance Market - Growth, Trends, COVID-19 Impact, and Forecasts (2022 - 2027)

  • PDF Icon


  • 130 Pages
  • June 2022
  • Region: Canada
  • Mordor Intelligence
  • ID: 5616717
UP TO OFF until Sep 30th 2022
The cyber market is relatively young in Canada and small, at about $120 million in annual gross premiums written in 2020. Brokers and insurers in Canada should expect an upswing in cyber insurance demand, as the workforce shifts in the wake of the COVID-19 pandemic. This presents an opportunity for brokers when it comes to selling cyber insurance. That’s because working from home as a result of the COVID-19 pandemic has exposed vulnerabilities when it comes to home network security compared to when working off corporate networks.

The Global average cost of a data breach in 2020 is USD 3.86 million. The average cost of data breaches in Canada is USD 4.31 million. The highest average cost of a data breach by country (in the US) is USD 8.64 million.

The cyber market in Canada has evolved more in 20 years than the property market as insurers adapt to new threat landscapes, and with the increase in frequency and severity of cyber claims happening for Canadian businesses, cyber insurers are yet again refining what their product should do for clients. And yet the size of the Canadian cyber market is still relatively small, meaning it takes only one or two significant losses for cyber insurers to react and readjust.

In terms of rates, the insurance market is seeing rate increases, and it is anticipated that treaty renewals are going to continue to see the rate being pushed into 2021. Again, looking at things financially, from a macro perspective, the supply of capital amongst traditional lines continues to be a challenge. Low-interest rates continue to affect reinsurers, which puts a greater focus on underwriting profitability at the insurer level. Couple low rates with a lack of returns in traditional fixed income, and this is going to create headwinds for the industry in general. The cyber market in Canada has been very volatile for most of 2020 with pricing increases range around 10% to 50%, as well as a substantial increase in deductibles.

In terms of cyber coverage, brokers need to be aware that third-party liability coverage for data breaches is only one piece of the overall cyber insurance puzzle. The trends from a coverage standpoint - and the most causes of current cyber claims, are ransomware, social engineering, and business interruption. Not all businesses carry large amounts of personal data that may be targeted in data breaches; however, all businesses are dependent on computers, cell phones and the internet - things that ultimately make them vulnerable to different types of cyberattacks. The one thing that all companies do hold is employee data, which exposes all companies, regardless of size, to a potential data breach. To safeguard against today’s cyberattacks, small companies must reassess their security position and ensure adequate measures and controls are implemented, including the purchase of cyber insurance coverage.

In Canada, industries including finance, banking, healthcare, retail, and hospitality - all well known for holding and using personal information - have already been exposed to cyber insurance and the risk of data breaches. Industries like construction, transportation, and manufacturing, as well as smaller professional offices, however, are slowly being exposed to cybersecurity needs and do need more awareness in this space.

Key Market Trends

Evolving Regulatory Reforms are Driving the Market

GDPR in Europe or Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada, are making companies move from a reactive approach to a proactive approach towards cybersecurity. Insurers are now seeing a greater focus on system security and the ability to safely store and use personal information. Canada was one of the first countries in the world to have federal legislation on mandatory notification for cyber/privacy breaches. Since Canadian legislation doesn’t guide what companies should do at a minimum, there isn’t a minimum standard for Canadian companies to follow. As a result, there is still a fair amount of cyber apathy in the Canadian context.

Both PIPEDA and GDPR certainly brought about an increase in the awareness of cyber policies as a method of risk transfer for businesses; however, with regulatory fines very few and far between - particularly for businesses that don’t hold any significant personally identifiable information (PII), like manufacturers or construction, there hasn’t been any meaningful claims activity for the everyday Canadian business. Less than 4% of the cyber claims are because of any third-party or regulatory action being brought forth. However, privacy laws have interacted with newer variants of ransomware that exfiltrate sensitive data to entice companies to pay their demands. Ransomware was always considered a severity-driven event long before data exfiltration, and it’s easy to see why when you add up the business interruption costs for loss of profits per day and re-creating potentially sophisticated and complex networks completely from scratch - not to mention paying the demand itself, which some companies have little choice but to do without appropriate backups. Now, with confidential data at stake, it’s brought in implications for having to conduct due diligence to determine whether data was viewed or exfiltrated by the criminals. As a result, businesses could have to bring in costly legal services to draft and issue an appropriate notification to customers under privacy guidelines.

Under PIPEDA, the Office of the Privacy Commissioner [OPC] can apply fines and penalties of up to $100k for a failure to report the circumstance if it involves information that could cause a ‘real risk of significant harm to the affected individuals. So, mandatory reporting gives guidance on when organizations need to report and what they need to do after a breach. The bulk of Canadian businesses are small - 97.9%, according to the latest census data. A fine of $100k for a 12-person manufacturing business is going to have a much more material impact on the solvency of that business than a $100k fine against a Facebook, Google or Apple. So, small businesses in Canada should be aware that this legislation is suggesting that they take this seriously or face the consequences.

Increase in Ransomware Attacks

Ransomware shows no sign of abating, making up 31% of the total claims managed globally last year and accounting for almost half those handled for Canadian businesses. However, 2020 is showing the emergence of one worrying trend when it comes to these attacks. Increase in criminals stealing confidential information and then threaten to release it if ransomware demands aren’t paid. They’re also conducting more due diligence to determine the maximum amount an organization can afford to pay to determine how much they try to extort. So, where ransomware was typically associated as being a business interruption or system damage concern, it’s increasingly becoming a privacy concern, triggering notification obligations to customers and key stakeholders. At the same time, businesses shouldn’t let the latest ransomware attacks distract them from the fact that run-of-the-mill phishing attacks, leading to business email compromise and wire transfer fraud, still make up a large percentage of claims across the globe, including for Canadian policyholders and accounts.

Competitive Landscape

The cyber market in Canada has grown in 2020, and continued growth is expected. The market has witnessed several new market entrants this year, and capacity continues to be available. Some of the major players in the market are AXA, Allianz, Assicurazioni Generali, Coalition, Aviva, Rogers Insurance, Chubb, SGI Canada, Boxx Insurance, Cansure and others.

Additional Benefits:

  • The market estimate (ME) sheet in Excel format
  • 3 months of analyst support

This product will be delivered within 2 business days.

Table of Contents

1.1 Study Assumptions and Market Definition
1.2 Scope of the Study
4.1 Market Overview
4.2 Market Drivers
4.3 Market Restraints
4.4 Porter's Five Forces Analysis
4.4.1 Threat of New Entrants
4.4.2 Bargaining Power of Buyers/Consumers
4.4.3 Bargaining Power of Suppliers
4.4.4 Threat of Substitute Products
4.4.5 Intensity of Competitive Rivalry
4.5 Impact of Covid-19 on the Market
5.1 By Product Type
5.1.1 Packaged
5.1.2 Standalone
5.2 By Application Type
5.2.1 Banking & Financial Services
5.2.2 IT & Telecom
5.2.3 Healthcare
5.2.4 Retail
5.2.5 Others
6.1 Vendor Market Share
6.2 Mergers and Acquisitions
6.3 Company Profiles
6.3.1 AXA
6.3.2 Allianz
6.3.3 Assicurazioni Generali
6.3.4 Coalition
6.3.5 Aviva
6.3.6 Rogers Insurance
6.3.7 Chubb
6.3.8 SGI Canada
6.3.9 Boxx Insurance
6.3.10 Cansure*

Companies Mentioned

A selection of companies mentioned in this report includes:

  • AXA
  • Allianz
  • Assicurazioni Generali
  • Coalition
  • Aviva
  • Rogers Insurance
  • Chubb
  • SGI Canada
  • Boxx Insurance
  • Cansure*