Businesses can’t view cyber risk as just an IT issue

IN Partnership with

Cyber risks cited by 31 percent of leaders as their greatest threat this year

AS THE cyber risk accelerates, organizations are facing an uphill battle against cybercriminals intent on exploiting their security gaps and infiltrating their systems. According to Beazley’s recent Spotlight on Tech Transformation & Cyber Risk report, 31 percent of leaders cited cyber risks as their greatest threat this year, up from 28 percent in 2024. What’s more, 36 percent plan to invest in improved cybersecurity this year to get a handle on the threat, and 76 percent promised to improve their business’ overall cybersecurity with its third-party suppliers. “We know that hackers are targeting larger firms through smaller suppliers, and Canadian businesses are seeking to strengthen their cyber resilience in response to rising third-party risks,” said Ahmed Javaid, regional manager – cyber risks at Beazley. “Our latest Risk & Resilience report found that 76 percent of Canadian firms plan to enhance cybersecurity measures with their third-party suppliers – a critical move given the vulnerabilities that interconnected ecosystems can introduce. “This shift is needed. No business is impenetrable and resilience must be built through preparation, not panic. Organizations should increasingly be looking to implement robust vendor oversight, clear contractual responsibilities, and continuous monitoring to reduce financial and legal exposure, as well as reputational damage, in the event of a breach.”

Beazley is a global specialty insurer that harnesses the power of expertise and employs a forward-looking view of risk to support its clients as they navigate an increasingly complex world. With an international footprint, and offices in Toronto, Montreal, and Vancouver, Beazley does business where you do business, viewing every risk as an opportunity to do things differently. By developing long-term partnerships and constantly building on its deep knowledge of the environment and challenges its clients operate in and face, Beazley is ultimately helping businesses outperform and thrive.

Find out more

Cyber risks vs. cyber preparedness

“Organizations should increasingly be looking to implement robust vendor oversight, clear contractual responsibilities, and continuous monitoring to reduce financial and legal exposure, as well as reputational damage, in the event of a breach”

Ahmed Javaid, Beazley

Despite Canadian executives feeling prepared for cyber threats, Beazley’s report suggests this confidence may well be misplaced. According to the data, 80 percent of Canadian executives believe they are prepared for cyber threats; however, over one-quarter believe cyberattacks are their greatest vulnerability. “The contradiction between rising concern and perceived resilience suggests many firms underestimate the complexity and speed of today’s threat landscape,” explained Javaid. “This overconfidence often stems from assumptions like “we’re too small to be a target” or “our internal systems are strong enough.” But as the report highlights, third-party vulnerabilities, AI-powered ransomware, and hacktivism are escalating risks that can bypass even well-defended organizations.” This myth that smaller businesses are safe from cyberattacks couldn’t be more misplaced. With media headlines focused mainly on large-scale ransomware attacks, smaller businesses falsely believe they’re not a target. On the contrary, data collected by StrongDM indicates that 95 percent of cybersecurity incidents at SMEs cost between $826 and $653,587, with 50 percent of SMEs saying that it took 24 hours or longer to recover from the attack.

Furthermore, as Javaid told IB, outsourcing cybersecurity may also be leading to a false sense of security. Remember, it doesn’t eliminate the need for active employee training business continuity planning maintaining internal best practices defence-in-depth cybersecurity “Some businesses may feel confident simply because they’ve assessed certain areas of cyber risk – ransomware, for example – but that confidence can be misleading,” he said. “In reality, organizations face a ‘whack-a-mole’ landscape of evolving threats that demand constant vigilance. The ransomware ecosystem is adapting rapidly, with the rise of Edge devices like work phones and tablets, and the expansion of the Internet of Things (IoT), giving threat actors new entry points to exploit. And with AI helping cybercriminals automate attacks, enhance phishing, and create more convincing deepfakes, it’s even clearer now that cyber risk is never static.”

Genuine resilience requires more than confidence, or a one-and-done exercise. It demands continuous investment, board-level cyber leadership, and an ecosystem of controls that are pre-emptive, reactive, and adaptive. “As such, cybersecurity must be embedded into the culture, not treated as a one-off exercise,” said Javaid. And, considering the growing demand for cyber insurance in Canada, insurers are having to adapt their offerings to meet the specific needs of businesses in 2026 and beyond. For Javaid, this begins with seeing cyber coverage as a strategic necessity – not a nice-to-have add-on. “Cyber resilience can’t be seen as optional; it must be viewed as a core part of business strategy for companies of every size,” he told IB. “Further, while it might be viewed as a big-business problem, cyber risk extends to SMEs, and while strong defences help deter threats, SMEs often lack the resources for robust protection. That’s where insurance plays a vital role: not just in covering losses, but in educating businesses, evolving offerings, and providing access to incident-response experts and cybersecurity specialists.”

“Cyber risk is broad, evolving, and increasingly tied to leadership accountability. It demands a strategic, cross-functional response”

Ahmed Javaid, Beazley

According to Beazley’s report, 44 percent of Canadian executives now trust the value of insurance, and 27 percent are considering expanded coverage that includes risk and crisis management. There’s a clear opportunity here – to demonstrate how specialty insurance supports businesses across the entire life cycle, helping them prevent, respond to, and recover from cyber incidents while adapting to a fast-changing digital landscape. “So, when it comes to the full spectrum of risk, the goal isn’t just a reactive safety net – it’s a resilient ecosystem,” said Javaid. Looking to the future of cyber coverage across Canadian businesses, it’s clear there’s something of a disconnect both in terms of a misplaced sense of SME security and in the sophistication of attacks happening.

“Businesses can’t view cyber risk as just an IT issue. It permeates to other areas,” explained Javaid. “One growing gap in protection is the intersection of cyber and D&O risk. A cyber breach doesn’t end on day one; its consequences can unfold long after the initial incident.” And it’s the aftermath that is the most stressful time for businesses leaders, with shareholders demanding answers to tough questions such as How did threat actors gain access? What due diligence was in place? How quickly was the breach identified? How was it handled and remediated? What contingency plans existed? Why has the share price suffered? “These are not just technical concerns – they’re governance issues,” added Javaid. “And with M&A activity on the horizon, businesses must also ask: Are they purchasing a cyber risk? Is due diligence thorough? Is the CISO involved in the process? “Cyber risk is broad, evolving, and increasingly tied to leadership accountability. It demands a strategic, cross-functional response.”

Debunking cyberattack myths for SMEs

‘Cybersecurity must be embedded into the culture’

Published November 3, 2025

E-Newsletter

Authors

Regular Contributors

Advertise

IB Markets - Contact Us

Providers

Line of Business

IB Markets

Cannabis

Catastrophe

Claims

Commercial Solutions

Construction & Engineering

Cyber

Environmental

Hospitality

Legal Insights

Life & Health

Marine

Motor & Fleet

Non-Profits & Charities

Professional Risks

Property

SME

Technology

Travel

Specialty

Best in Insurance

Business Strategy

E-mag

Editorial Panels

Events

Guides

IB Talk

Industry Insights

Insurance Companies

Opinion

Premium Content

Webinars

White papers

Resources

Reinsurance

Risk Management

Insurance News

Industry News

Columns

Diversity & Inclusion

Mergers & Acquisitions

News

RSS

Sitemap

About us

Conditions of Use

Consent Preferences

Cookie policy

Terms & conditions

E-Newsletter

Authors

Regular Contributors

Advertise

IB Markets - Contact Us

Providers

Line of Business

IB Markets

Cannabis

Catastrophe

Claims

Commercial Solutions

Construction & Engineering

Cyber

Environmental

Hospitality

Legal Insights

Life & Health

Marine

Motor & Fleet

Non-Profits & Charities

Professional Risks

Property

SME

Technology

Travel

Specialty

Best in Insurance

Business Strategy

E-mag

Editorial Panels

Events

Guides

IB Talk

Industry Insights

Insurance Companies

Opinion

Premium Content

Webinars

White papers

Resources

Reinsurance

Risk Management

Insurance News

Industry News

Columns

Diversity & Inclusion

Mergers & Acquisitions

News

RSS

Sitemap

About us

Conditions of Use

Cookie Policy

Terms & conditions

People

E-Newsletter

Authors

Advertise

Regular Contributors

IB Markets - Contact Us

Providers

Line of Business

IB Markets

Cannabis

Catastrophe

Claims

Commercial Solutions

Construction & Engineering

Cyber

Environmental

Hospitality

Legal Insights

Life & Health

Marine

Motor & Fleet

Non-Profits & Charities

Professional Risks

Property

SME

Technology

Travel

Specialty

Best in Insurance

Business Strategy

E-mag

Editorial Panels

Events

Guides

IB Talk

Industry Insights

Insurance Companies

Opinion

Premium Content

Webinars

White papers

Resources

Reinsurance

Risk Management

Insurance News

Industry News

Columns

Diversity & Inclusion

Mergers & Acquisitions

News

RSS

Sitemap

About us

Conditions of Use

Cookie Policy

Terms & conditions

People

31%

selected cyber risks as their greatest threat this year

up from 28% in 2024

up from 64% in 2024

feel prepared to deal with these risks

80%

agreed their business is planning to improve its cybersecurity with its third-party suppliers following high-profile systemic cyber incidents

76%

up from 26% in 2024

plan to invest in improved cybersecurity this year

36%

Source: Beazley

‘Businesses can’t view cyber risk as just an IT issue’

agreed that AI will have a positive impact on their business’ economic prospects this year

75%

agreed that AI will replace jobs in their company over the next 18 months

67%

ranked tech-obsolescence risk as their top cyber & tech threat this year

26%

down from 2024

ranked IP risk as their greatest threat this year

20%

AI’s ongoing impact on cybersecurity

down from 28% in 2024

down from 34% in 2024

feeling unprepared

21%

Source: Beazley

Sense of resilience to this risk has increased, with