For many rural Canadian business owners, cybersecurity has long seemed like a problem for someone else. But according to Travis Jones (pictured), owner of Thor Insurance & Registries, that mindset is quickly shifting.
"Even offline sectors, not traditionally computer-based, there's still exposures," Jones said. "Online banking, email compromise, some cloud computing – everything's kind of going online."
Professional forums like Canitcon, where brokers engage directly with IT experts, are playing a growing role in equipping the industry to better advise clients on evolving cyber risks.
Operating out of Alberta and serving commercial and agricultural clients, Jones has noticed a clear change: cybersecurity is no longer a hypothetical concern.
"There's a large increase in both the number of people affected and the interest in cyber insurance," Jones said. "It used to be, 'this will never happen to me.' Now it's, 'I know somebody this has happened to.'"
Industries once considered low-risk – such as farming or small trade businesses – are increasingly targeted. "Hackers know that smaller businesses and farmers don't have proper security protocols in place," Jones said. "So they'll target a large swath of people or an industry."
A 2023 report from the Canadian Centre for Cyber Security supports this trend, noting that small and medium-sized businesses (SMBs) continue to experience disproportionate impacts from cyber incidents, often with limited resources for response.
With cyber threats on the rise, the broker’s role is expanding beyond traditional coverage discussions.
"We always recommend mitigation practices first," Jones said. "Multi-factor authentication, password management, cybersecurity training – these are often low- or no-cost and can help prevent many breaches."
Many clients, Jones said, need help connecting the dots between digital vulnerabilities and real-world financial risk. "Insurance is confusing to most people. Cyber risk is confusing to most people. So we try to explain both in real-world terms."
That also means highlighting where policy gaps could leave a business exposed – especially in relation to compliance obligations or errors and omissions (E&O) risk.
Jones frequently encounters misconceptions among clients, particularly in more traditional industries. "Many believe that general liability covers cyber risks, or that their cloud storage is inherently secure," Jones said. "Clients also assume that cloud providers are fully responsible. That's not true."
Just as often, Jones said, businesses underestimate how much sensitive information they actually store – emails, payroll records, banking data, and more. Despite the risks, cyber insurance remains underused. Yet Jones said it’s more accessible than many realize.
As digital risks grow more complex, brokers are becoming key interpreters – helping clients understand what’s at stake.
"You're taking in two abstract things that most people don't understand – insurance and cybersecurity – and trying to explain how it affects them," Jones said. "It's about education, prevention, and making sure the right coverage is in place."
In an increasingly digitized economy, even the most traditional industries must now grapple with cyber exposure. For brokers, that means taking a more proactive, informed, and collaborative role in managing digital risk.
