Nova Scotia Power breach highlights cyber insurance challenges in Canada’s utility sector

The March cyberattack affected data belonging to about 277,000 customers

Nova Scotia Power breach highlights cyber insurance challenges in Canada’s utility sector

Cyber

By Josh Recamara

The March cyberattack on Nova Scotia Power, which exposed customer data and disrupted business operations, has become a case study in the growing cyber insurance pressures facing Canada’s energy and utility providers.

The ransomware attack, which affected data belonging to about 277,000 customers, forced the utility to manually process invoices and delayed payments to contractors for months.

Although power generation and distribution were not disrupted, the financial and reputational fallout underscores the costly risks utilities face as cyber threats intensify, according to a report from The Canadian Press.

Cyber insurance experts note that such incidents are driving up premiums and deductibles across the market. Insurers have tightened underwriting standards for critical infrastructure, requiring stricter cybersecurity controls and detailed response protocols. For utilities handling sensitive customer and financial data, a single breach can trigger a cascade of liability, regulatory, and operational costs.

The incident also exposed vulnerabilities in billing systems. Nova Scotia Power was unable to retrieve usage readings from smart meters and had to issue estimated bills — an operational failure that would typically be factored into business interruption coverage under a comprehensive cyber insurance policy.

For contractors, the ripple effects have been financial. Some suppliers reported being owed tens of thousands of dollars due to delayed payments, raising questions about whether existing commercial insurance policies would respond to losses indirectly caused by cyber incidents.

The Nova Scotia Energy Board has since confirmed that all customers may have been affected, though the utility cannot determine which data was stolen, according to the report. The breadth of the exposure, which includes banking details and social insurance numbers, illustrates the magnitude of privacy liabilities that cyber insurers must now consider.

Industry observers said the breach will likely influence how cyber insurers approach utilities going forward, with emphasis on incident response planning, data protection, and third-party vendor oversight. .

Related Stories

LATEST NEWS

US Treasury sounds alarm on Anthropic AI as experts warn Mythos could accelerate cyber threats
CYBER

US Treasury sounds alarm on Anthropic AI as experts warn Mythos could accelerate cyber threats

AI won’t replace underwriters – but underwriters who use AI will
TRANSFORMATION

AI won’t replace underwriters – but underwriters who use AI will

‘One scheme, one loss’: why limits, vendor fraud and phishing tests matter in crime cover
COMMERCIAL SOLUTIONS

‘One scheme, one loss’: why limits, vendor fraud and phishing tests matter in crime cover

Cindy Manek on the hard truths of digital transformation in specialty insurance
TRANSFORMATION

Cindy Manek on the hard truths of digital transformation in specialty insurance

Could catastrophe bonds help tackle the insurance affordability crisis?
INSURANCE NEWS

Could catastrophe bonds help tackle the insurance affordability crisis?

Keep up with the latest news and events

Join our mailing list, it’s free!