As Cybersecurity Awareness Month begins, Zensurance is cautioning Canadian small businesses about growing cyber threats, warning that many remain unprotected despite a surge in attacks.
A Pollfish survey of 1,000 entrepreneurs commissioned by the firm found that 53% of small businesses have already experienced an incident, ranging from phishing attempts (46%) and malware (23%) to fraudulent transfers (19%) and ransomware (6%).
The financial stakes are significant. Industry data showed average losses of $89,000 per phishing incident, $118,000 from funds transfer fraud, and $330,000 from ransomware. Data breaches cost an average of $220,000, far higher than the cost of cyber liability insurance.
Despite this, coverage remained patchy. Zensurance’s Small Business Confidence Index found that nearly a quarter of businesses admit they are not prepared for a cyber-attack, while one in four lacks cyber liability coverage altogether. More than 60% of small firms and nearly three-quarters of sole proprietors continue to believe they are “too small” to be targeted, a misconception that insurers and security experts say leaves them exposed.
Zensurance founder and chief executive Danish Yusuf (pictured above) said small businesses often underestimate how easily a cyber incident can escalate, noting that even one fraudulent click or missed software update could put a company’s survival at risk.
The rise of artificial intelligence-enabled attacks is compounding concerns. One-third of business owners now view AI-driven cybercrime as a major threat, while another 40% see it as an emerging risk.
According to Graeme Barrie, cybersecurity consultant and president of NetMechanics.ca, small firms are often attractive targets because their protections are limited. He said that the most effective way for businesses to safeguard themselves is through a combination of preventative measures and insurance coverage.
For the insurance sector, the findings pointed to both a challenge and an opportunity.
Brokers and carriers face the task of raising awareness among smaller firms while tailoring products to meet tighter budgets. Industry observers expect demand for stand-alone cyber policies to grow as ransomware and phishing incidents escalate, though insurers may also need to adjust underwriting standards in response to evolving AI-driven risks. Premiums for high-exposure sectors could come under upward pressure, while bundled policies with flexible entry-level options are likely to gain traction with SMEs.
The survey results suggest that insurers able to combine education, accessible coverage and proactive risk services will be best positioned to capture market share in a rapidly expanding cyber insurance segment.
