Who Provides Cyber Insurance in Canada

Cyber insurance in Canada is offered by traditional insurance companies, specialty insurers, and brokerage firms. These providers offer cyber insurance either as a standalone policy or as an add-on to general liability or business insurance policies.

  1. Chubb Canada
    • Offers full cyber risk insurance
    • Covers data breaches, extortion, loss of income
  2. Cowan Insurance Group
    • Tailored cyber insurance for SMBs
    • Often bundled with managed IT services
  3. Intact Insurance
    • Offers cybercrime, privacy breach, and system damage protection
  4. Beazley Canada
    • Known for its Breach Response services
    • Specializes in healthcare, legal, and education
  5. Coalition
    • Cyber insurance with built-in cybersecurity tools
    • Focus on real-time risk mitigation
  6. Hub International
    • Brokerage offering customized cyber policies from multiple carriers
  7. Sovereign Insurance, Aviva, Zurich Canada, Travelers, and AXA XL also offer cyber liability insurance in the Canadian market.

To successfully claim a cyber insurance payout, clients must meet pre-defined security standards and follow proper protocols before and after an incident. This is similar to making a health or auto insurance claim—compliance matters.

1. Pre-Claim Requirements (Before Breach)

Most insurers require the business to:

  • Use basic cybersecurity controls, such as:
    • Antivirus/EDR on all endpoints
    • Firewalls and network segmentation
    • MFA (multi-factor authentication) for remote access/email
    • Strong backup and disaster recovery (e.g., off-site + immutable)
  • Maintain written cybersecurity policies (incident response plan, access control, etc.)
  • Provide evidence of employee training
  • Complete a cybersecurity questionnaire or undergo a technical assessment (especially for higher coverage)

Failure to meet these pre-conditions may result in:

  • Higher premiums
  • Reduced coverage
  • Denial of claims

2. Post-Incident Requirements (After Breach)

Once an incident occurs, the business must do the following to claim on the policy:

  • Notify the insurer immediately (usually within 24–72 hours)
  • Preserve evidence and avoid tampering with affected systems
  • Allow insurer-appointed forensic teams to investigate
  • Provide logs, screenshots, and documents related to the event
  • Show compliance with security protocols (e.g., you had MFA enabled, backups were tested)
  • Submit costs/damages with proper documentation

  • Ransomware attack exploited unpatched software, and updates had been skipped for months
  • No MFA was used for email access, even though the policy required it
  • Backups failed during recovery due to untested procedures