Canadian small and mid-sized businesses (SMBs) are facing more cyberattacks than their peers globally, yet many still treat cyber insurance like a fire extinguisher behind glass: something to break open only after disaster strikes.
That mindset, according to Shawn Ram (pictured), chief revenue officer at Coalition, is no longer sustainable in a market where threats are constant, losses are severe, and prevention can make the difference between a near miss and a devastating claim.
“A higher percentage of Canadian small businesses have experienced cyberattacks compared to the global average,” Ram told Insurance Business.
And yet, Coalition’s data show that the perception persists that they’re too small to be targeted. That disconnect is exactly where the risk lies.
“Despite the increased risk, small businesses continue to view cybersecurity tools and services as elective purchases and misunderstand the potential serious impacts an attack could have on their business,” said George Bozanin, head of Canada at Coalition.
Coalition’s 2025 Cyber Claims Report found that more than 85 percent of Canadian SMBs reported at least one cyber incident over the past five years, compared with fewer than 80 percent globally. Despite this, many continue to underinvest in cybersecurity or rely on minimal coverage.
Industry experts agree that this overconfidence is common among smaller firms. Owners often believe cybercriminals prefer big corporate targets, when in reality, opportunistic attacks – such as phishing, ransomware, or funds transfer fraud – fall hardest on businesses without robust defenses.
Cybercriminals often favour smaller organizations precisely because they lack the layered defenses of larger enterprises. A single exposed remote access tool, unpatched system, or employee who clicks on a phishing link can be enough to compromise an SMB. Unlike multinational firms, which can absorb downtime and hire incident responders quickly, smaller companies may see operations grind to a halt and recovery costs balloon.
That vulnerability is magnified when businesses assume cyber insurance alone will act as a safety net, without realizing that coverage gaps or insufficient limits can leave them exposed.
“This data demonstrates that a higher proportion of Canadian small businesses spend more than 10 hours per week on cybersecurity related activities compared to the global results,” Ram said.
Traditionally, cyber insurance has been a reactive product. Companies purchased coverage, filed a claim after an incident, and waited for reimbursement. But Ram argued that cyber is different from other risks: the threats are constant, fast-evolving, and technically complex.
Coalition has built its model around what it calls “active insurance” – coverage that doesn’t sit passively until a claim arrives but actively monitors and intervenes to reduce exposure.
This includes deploying honeypots – decoy systems set up to mimic the technologies used by real businesses – to monitor adversary behaviour in real time. Over the last month alone, Coalition recorded more than 26 billion attempted connections to these machines, Ram said.
By watching how attackers behave against these fake systems, Coalition can alert policyholders when they are running vulnerable configurations in the real world.
“When we see adversaries scanning for remote desktop protocol within seconds of it being exposed online, that tells us it’s a live threat vector,” Ram said. “We can then notify customers to put it behind a firewall or enable multi-factor authentication before it turns into a claim.”
If a company is paying comparable premium, they should work with a provider that helps them prevent the claim from happening in the first place, Ram said.
“That’s the value of active insurance – it delivers before, during, and after an incident.”
Other companies Insurance Business has spoken to are also adopting a similar approach, signaling a broader shift in the cyber insurance market. Insurers are increasingly moving away from the traditional, reactive model and embracing proactive risk management as a core part of their offering.
Coalition’s claims data also underscores where Canadian companies are most at risk. Business email compromise (BEC) accounted for 28.6 percent of all claims in Canada, while funds transfer fraud represented another 24.5 percent. Together, those two schemes made up more than half of all incidents.
Ransomware, long considered the most severe threat, was also more damaging in Canada than elsewhere. The average ransomware claim in Canada reached $665,000, more than double the global average.
Ram said the numbers highlight why Canadian SMBs can’t afford to treat cyber as a niche or optional coverage. “These aren’t just IT issues – they’re business continuity issues,” he said.
