“Unfortunately, there’s still so many Canadian businesses that choose not to buy a cyber insurance policy”
Laura Martin, CFC
“Digital investments, including cloud investments, are at all-time highs and continue to outpace cybersecurity spend, according to many industry reports, and with that it’s really no surprise that the ransomware and supply chain attacks aren’t faltering”
Chris Pitcher, Arch Insurance
“So many of my clients look at this as just an insurance policy, but I very much look at it as a service as well”
Michélle Lawson, WTW
In Partnership with
Navigating a more
crowded cyber marketplace
The cyber insurance marketplace has stabilized somewhat following a flurry of entrants. Sustainability and service should remain key considerations as brokers encourage Canadian businesses to make the most of pricing “breathing room”
Read on
Chris Pitcher
Arch Insurance
Laura Martin
CFC
Michelle Lawson
WTW
Industry experts
NEW ENTRANTS and improved controls have meant cyber market stabilization has continued into the second half of 2023, but many Canadian businesses continue to shirk the cover while focusing on digital investment elsewhere.
Meanwhile, ransomware frequency is edging back up and human error continues to drive losses, and the rise of generative AI and other technologies could pose new cyber hurdles for organizations if they are not communicating changes with their broker.
This is according to cyber experts from Arch Insurance, CFC, and WTW, who joined Insurance Business for a roundtable to assess the state of the cyber insurance market in 2023.
Leading cyber insurance companies are increasingly collaborating with global law enforcement and cybersecurity organizations to share intelligence and grapple with the digital threat, but for Laura Martin, CFC cyber development manager, Canada, the “bigger challenge” remains getting businesses to get out and purchase a policy.
The impact of a cyberattack can be devastating and can even lead to bankruptcy for smaller firms.
“Unfortunately, there’s still so many Canadian businesses that choose not to buy a cyber insurance policy,” says Martin. “Our role really, as an industry, is to educate our brokers on the threat landscape and what that looks like and how it’s continuously changing.”
Ransomware remains the biggest threat, the cyber insurance experts agreed.
“Unfortunately, it isn’t going away any anytime soon,” says Martin. “It is highly profitable … and the financial award when it comes to ransomware far outweighs the risk and the likelihood of getting caught.”
WTW reached the same volume of cyber notifications in the first six months of 2023 as it did for all of 2022, Lawson shares.
While claims severity has trended lower, there have been signs that this is “starting to tick up again” after last year’s frequency and quantum lull that some experts have attributed to a blend of increased security controls and preparedness and the Russia-Ukraine conflict, according to Pitcher. As of 2023, companies are not paying a ransom “well over 50 percent of the time,” Pitcher says.
There are still plenty of reasons that some companies “won’t think twice” about paying a ransom, from backup quality concerns to critical data theft and reputational risk to downtime costs, according to Pitcher.
Insureds have moved to improve their cybersecurity posture, and more have been able to successfully restore systems from backups. However, as they have adapted, so have cyber criminals.
“That’s where the bad actors are trying to evolve and going in and trying to delete or encrypt backups before launching an attack, which speaks to how this landscape is continually evolving and how threat actors have to keep pivoting as we’re increasing the investments with technology and cybersecurity protections,” Lawson says.
This year has provided some “much-needed breathing room” for insureds from a pricing standpoint with a “large amount of new entrants” into the marketplace, and it should be a good time for new and existing buyers to add coverage, according to Michélle Lawson, cyber practice leader, WTW.
Given the current cyber landscape, it is vital that businesses set out a defence in-depth strategy “to be able to thwart and mitigate any attack and reduce any downtime and disruption,” says Arch Insurance assistant vice president, head of cyber Chris Pitcher.
Additional supply chain risks have bloomed as companies continue to invest heavily in the cloud and become more reliant on outsourced service providers.
“Digital investments, including cloud investments, are at all-time highs and continue to outpace cybersecurity spend, according to many industry reports,” says Pitcher. “And with that, it’s really no surprise that the ransomware and supply chain attacks aren’t faltering.”
Dependency on suppliers and vendors can create “large exposures,” he adds, and while an attacker’s goal may not always be to leverage a vendor’s access into a company’s environment, it is vital that proper access controls are in place and organizations communicate with their suppliers.
Currently, some businesses lack understanding around what they are and are not liable for when using third-party suppliers.
“A lot of businesses feel that because they’re outsourcing their information using managed service providers, they don’t actually have any cyber exposure and that falls to them [the MSP],” says Martin. “Unfortunately, that’s completely not true – if you look at the contractual agreements between a lot of these vendors, generally that risk is removed, and the liability is very much on the business owner who is using them to store all their information.”
Artificial intelligence (AI) could prove a key area to watch. While many industries have already been busily embedding the technology, meaning it does not present a totally new risk, it can open organizations up to more exposures, with both security and compliance controls needed.
Generative AI is likely to pose a greater risk than the type of reactive AI that is more frequently already being used by companies, according to Pitcher.
It is vital that companies that are looking at new technologies that could change their cyber-risk profile communicate with their insurance broker to avoid surprises at renewal, Lawson says.
Bad actors are also looking at how they can make the most of recent technologies. Hackers are already looking to what Martin describes as an “evil version” of ChatGPT, called WormGPT, to launch phishing attacks.
“Ransomware is a threat right now, but what’s to say in another five years or so whether ransomware is still going to be that threat? No one knows, and AI is definitely going to enhance the threat that we’re seeing,” says Martin.
Meanwhile, emerging technologies and ransom gangs may capture imaginations and headlines, but the age-old issue of human error continues to pose challenges.
“The human error element is really key, and something that I hammer to a lot of my brokers in that for CFC it represents 75 percent of losses,” says Martin, who points out that fraudulent funds transfers are also on the up, with many insurance policies not offering cover for this.
Where it comes to picking out a policy and an insurance partner, the experts all agree that service, not just price, should be a vital part of the decision.
Proactive services, communication, incident response, and claims prevention should all be considerations for brokers and insurance buyers, according to Martin.
“Cyber insurance policies are very much no longer reactive – it’s very much a proactive solution,” she says.
“So many of my clients look at this as just an insurance policy, but I very much look at it as a service as well,” says Lawson.
Not all policies are created equal, and in a more crowded market, sustainability should also be top of mind for buyers, according to Pitcher, who says that finding a carrier that takes a risk by risk rather than a “broad-brush” approach, in addition to offering timely responses, is also critical.
Cyber insurance can be daunting for insureds, and it is vital that brokers are able to act as trusted advisors with open lines of communication across the chain, whether that’s helping a client prepare to enter the market or sharing threat information from insurers, the experts agree.
CFC is a specialist insurance provider, pioneer in emerging risk, and market leader in cyber. Our global insurance platform uses cutting-edge technology and data science to deliver smarter, faster underwriting and protect customers from today’s most critical business risks. Headquartered in London with offices in New York, San Francisco, Austin, Brussels, and Brisbane, CFC has over 800 staff and is trusted by more than 100,000 businesses in 90 countries. Learn more at cfc.com and LinkedIn.
Find out more
Michélle is the Canadian cyber practice leader for WTW where she leads the placement of effective and market-leading cyber and technology E&O solutions for her clients. Michélle is particularly experienced in large domestic and international cyber placements and provides risk solutions to organizations; she also advises on WTW’s analytics and cyber consulting services, which help to assess cyber risk exposures.
WTW
Michelle Lawson
With over 15 years’ experience in the insurance industry, Laura is an expert in underwriting professional liability and cyber insurance. She has gone on to specialize in the Canadian and Australian markets over the past 10 years at CFC. As cyber development manager for Canada, Laura focuses on fostering broker relationships and ensuring their growth and development. She also collaborates closely with the wider Canadian team on growth strategy and business development. Given her wealth of experience, Laura continues to play an active role in the underwriting strategy for international risks, internal development, and mentoring the team.
CFC
Laura Martin
Chris Pitcher is AVP and head of cyber for Arch Insurance Canada based out of Toronto, ON. He was promoted from underwriting manager, professional liability (US) where he focused on cyber, tech, and E&O. He joined Arch Canada after eight years with Arch in New York City and Jersey City, holding positions in claim operations and finance before transitioning to underwriting. He was instrumental in the growth of cyber for Arch US and has brought his technical skillset and solution-oriented mindset to Canada. Chris has a bachelor’s degree in finance from Central Connecticut State University (US).
Arch Insurance
Chris Pitcher
Navigating a more
crowded cyber marketplace
The cyber insurance marketplace has stabilized somewhat following a flurry of entrants. Sustainability and service should remain key considerations as brokers encourage Canadian businesses to make the most of pricing “breathing room”
Read on
Michelle Lawson
WTW
Laura Martin
CFC
Chris Pitcher
Arch Insurance
Industry experts
NEW ENTRANTS and improved controls have meant cyber market stabilization has continued into the second half of 2023, but many Canadian businesses continue to shirk the cover while focusing on digital investment elsewhere.
Meanwhile, ransomware frequency is edging back up and human error continues to drive losses, and the rise of generative AI and other technologies could pose new cyber hurdles for organizations if they are not communicating changes with their broker.
This is according to cyber experts from Arch Insurance, CFC, and WTW, who joined Insurance Business for a roundtable to assess the state of the cyber insurance market in 2023.
In January, MPA held a roundtable discussion with four customer-owned banks: Heritage Bank, Beyond Bank, Teachers Mutual Bank Limited and Bank Australia. We were also joined by two brokers who use mutual banks for their clients’ business: Christopher Lee and David Merison.
As brokers such as these struggle with the greater scrutiny that has following the royal commission, customer-owned banks are stepping up to the plate, providing a service that highlights the value of human interaction. With questions around living expenses forcing a heavier workload on brokers, this personal touch can be vital.
During the roundtable, which took place at Otto restaurant in Sydney, the group discussed the unique value proposition that customer-owned banks offer, particularly with the lack of shareholders they have to cater for. While other
Chris Pitcher is AVP and head of cyber for Arch Insurance Canada based out of Toronto, ON. He was promoted from underwriting manager, professional liability (US) where he focused on cyber, tech, and E&O. He joined Arch Canada after eight years with Arch in New York City and Jersey City, holding positions in claim operations and finance before transitioning to underwriting. He was instrumental in the growth of cyber for Arch US and has brought his technical skillset and solution-oriented mindset to Canada. Chris has a bachelor’s degree in finance from Central Connecticut State University (US).
Arch Insurance
Chris Pitcher
With over 15 years’ experience in the insurance industry, Laura is an expert in underwriting professional liability and cyber insurance. She has gone on to specialize in the Canadian and Australian markets over the past 10 years at CFC. As cyber development manager for Canada, Laura focuses on fostering broker relationships and ensuring their growth and development. She also collaborates closely with the wider Canadian team on growth strategy and business development. Given her wealth of experience, Laura continues to play an active role in the underwriting strategy for international risks, internal development, and mentoring the team.
CFC
Laura Martin
Michélle is the Canadian cyber practice leader for WTW where she leads the placement of effective and market-leading cyber and technology E&O solutions for her clients. Michélle is particularly experienced in large domestic and international cyber placements and provides risk solutions to organizations; she also advises on WTW’s analytics and cyber consulting services, which help to assess cyber risk exposures.
WTW
Michelle Lawson
Navigating a more
crowded cyber marketplace
The cyber insurance marketplace has stabilized somewhat following a flurry of entrants. Sustainability and service should remain key considerations as brokers encourage Canadian businesses to make the most of pricing “breathing room”
Read on
Michelle Lawson
WTW
Laura Martin
CFC
Chris Pitcher
Arch Insurance
Industry experts
NEW ENTRANTS and improved controls have meant cyber market stabilization has continued into the second half of 2023, but many Canadian businesses continue to shirk the cover while focusing on digital investment elsewhere.
Meanwhile, ransomware frequency is edging back up and human error continues to drive losses, and the rise of generative AI and other technologies could pose new cyber hurdles for organizations if they are not communicating changes with their broker.
This is according to cyber experts from Arch Insurance, CFC, and WTW, who joined Insurance Business for a roundtable to assess the state of the cyber insurance market in 2023.
In January, MPA held a roundtable discussion with four customer-owned banks: Heritage Bank, Beyond Bank, Teachers Mutual Bank Limited and Bank Australia. We were also joined by two brokers who use mutual banks for their clients’ business: Christopher Lee and David Merison.
As brokers such as these struggle with the greater scrutiny that has following the royal commission, customer-owned banks are stepping up to the plate, providing a service that highlights the value of human interaction. With questions around living expenses forcing a heavier workload on brokers, this personal touch can be vital.
During the roundtable, which took place at Otto restaurant in Sydney, the group discussed the unique value proposition that customer-owned banks offer, particularly with the lack of shareholders they have to cater for. While other
With over 15 years’ experience in the insurance industry, Laura is an expert in underwriting professional liability and cyber insurance. She has gone on to specialize in the Canadian and Australian markets over the past 10 years at CFC. As cyber development manager for Canada, Laura focuses on fostering broker relationships and ensuring their growth and development. She also collaborates closely with the wider Canadian team on growth strategy and business development. Given her wealth of experience, Laura continues to play an active role in the underwriting strategy for international risks, internal development, and mentoring the team.
CFC
Laura Martin
Michélle is the Canadian cyber practice leader for WTW where she leads the placement of effective and market-leading cyber and technology E&O solutions for her clients. Michélle is particularly experienced in large domestic and international cyber placements and provides risk solutions to organizations; she also advises on WTW’s analytics and cyber consulting services, which help to assess cyber risk exposures.
WTW
Michelle Lawson
Share
Share
Share
Chris Pitcher is AVP and head of cyber for Arch Insurance Canada based out of Toronto, ON. He was promoted from underwriting manager, professional liability (US) where he focused on cyber, tech, and E&O. He joined Arch Canada after eight years with Arch in New York City and Jersey City, holding positions in claim operations and finance before transitioning to underwriting. He was instrumental in the growth of cyber for Arch US and has brought his technical skillset and solution-oriented mindset to Canada. Chris has a bachelor’s degree in finance from Central Connecticut State University (US).
Arch Insurance
Chris Pitcher
Many Canadian businesses missing out on the value of cyber insurance
Published 23 Oct 2023
Contact Us
Specialty
Best in Insurance
Resources
Risk Management
TV
News
CA
RSS
Sitemap
Contact us
About us
Conditions of Use
Privacy policy
Terms & conditions
People
Copyright © 2023 KM Business Information Canada Ltd
Contact Us
Specialty
Best in Insurance
Resources
Risk Management
TV
News
CA
RSS
Sitemap
Contact us
About us
Conditions of Use
Privacy policy
Terms & conditions
People
Copyright © 2023 KM Business Information Canada Ltd
Contact Us
Specialty
Best in Insurance
Resources
Risk Management
TV
News
CA
Copyright © 2023 KM Business Information Canada Ltd
RSS
Sitemap
Contact us
About us
Conditions of Use
Privacy policy
Terms & conditions
People
Ransomware still the biggest threat with frequency rising again
Cyber insurance coverage permeation
Almost three-quarters (74 percent) of Canadian organizations had some form of cyber insurance coverage as of 2022
2022
36%
had coverage as part of a cybersecurity-specific policy
had coverage as part of a business insurance policy
38%
2021
had coverage as part of a cybersecurity-specific policy
29%
had coverage as part of a business insurance policy
30%
Source: 2022 CIRA Cybersecurity Survey
Tackling misconceptions around supply chain and vendor risk
AI and emerging technologies can add to risk
Victims per one million internet users
Top countries by cybercrime density (2022)
4,371
1,612
156
106
56
Source: Surfshark
Differentiating cyber insurance offerings in a more crowded market
Arch Insurance North America is part of a global insurer offering superior coverage and service. We participate in specialty lines where the talent and knowledge of our employees are a competitive differentiator. We serve North America from offices in the United States and Canada, providing superb coverage and claims handling through careful and diligent underwriting of risks and business-friendly solutions. With 20 years of operating history and strong financial ratings, our track record remains solid.
Find out more
