Cybersecurity in Canada’s P&C Insurance Industry: A Call to Action

In an era where digital threats loom large, the importance of cybersecurity cannot be overstated, especially for Canada’s property and casualty (P&C) insurance industry. At the recent IBAOCon’24, held in Toronto, industry leaders gathered to discuss the pressing need for brokers to not only protect their clients but also to safeguard their own operations against the rising tide of cyberattacks.

The Current Cyber Landscape

Louis Gagnon, CEO of Intact Financial Corporation, addressed over 800 delegates at the Insurance Brokers Association of Ontario’s annual convention, emphasizing the critical need for brokers to enhance their cybersecurity measures. “For brokers, it starts with us,” Gagnon stated, highlighting that the first line of defense against cyber threats is the brokers themselves. He pointed out that many small businesses, including insurance brokers, are often inadequately protected, leaving them vulnerable to attacks.

The statistics paint a concerning picture. According to a recent report from Statistics Canada, while the overall number of businesses reporting cyberattacks has decreased—from 21% in 2019 to 16% in 2023—certain types of attacks, particularly ransomware, are on the rise. In 2023, over 1 in 8 impacted businesses reported experiencing ransomware attacks, an increase from 11% in 2021. This trend underscores the evolving nature of cyber threats and the necessity for robust protective measures.

The Oxygen Mask Analogy

Marissa Teeter, an executive coach and advisor who moderated the panel discussion, drew a compelling analogy to pre-flight safety instructions. She likened the need for brokers to secure their own cybersecurity to the advice given to airline passengers: put on your own oxygen mask before assisting others. This analogy serves as a reminder that brokers must prioritize their own cybersecurity to effectively protect their clients.

“It’s the oxygen mask analogy,” Teeter reiterated, emphasizing that brokers should ensure their own safety before they can adequately safeguard their clients’ interests.

The Weakest Link

Ben Isotta-Riches, Chief Distribution Officer of Aviva Canada, further elaborated on the risks faced by brokers. He warned that the weakest links in the cybersecurity chain are often the most vulnerable. “If you get a bad actor who’s looking to create some kind of breach, the weakest 10% in this room are the ones who will get hit,” he cautioned. This stark warning serves as a wake-up call for brokers to assess their cybersecurity posture and take proactive measures to fortify their defenses.

Isotta-Riches defined the “weakest kid” in the playground as someone who leaves their digital back door open, inviting cybercriminals to exploit vulnerabilities. This metaphor highlights the importance of vigilance and proactive security measures in an increasingly interconnected world.

The Financial Impact of Cyber Incidents

The financial ramifications of cyber incidents are staggering. StatsCan reported that total spending on recovery from cybersecurity incidents doubled in the past three years, soaring from approximately $600 million in 2021 to $1.2 billion in 2023. Despite this alarming increase in recovery costs, spending on prevention remains stable, indicating a potential gap in proactive cybersecurity measures.

Gagnon pointed out that one of the challenges in offering cyber insurance is the unpredictable nature of cyber risks. Unlike more tangible risks, such as water damage, the full extent of potential cyber threats remains largely unknown. “Cyber is probably the most unknown risk,” he noted, emphasizing the need for insurance professionals to better understand and quantify these risks.

Low Adoption Rates of Cyber Insurance

Despite the growing awareness of cyber threats, Gagnon reported a concerning trend: a low take-up rate of cyber insurance among business clients. He indicated that only 5% to 10% of brokers are willing to invest in coverage to protect personal information after an attack. This reluctance to adopt cyber insurance highlights a significant gap in risk management strategies within the industry.

Conclusion: A Call to Action

As the digital landscape continues to evolve, the need for robust cybersecurity measures in Canada’s P&C insurance industry has never been more critical. Brokers must take proactive steps to protect themselves and their clients from the ever-present threat of cyberattacks. By prioritizing their own cybersecurity, brokers can not only safeguard their operations but also enhance their ability to serve and protect their clients effectively.

The discussions at IBAOCon’24 serve as a crucial reminder that in the fight against cyber threats, preparation and vigilance are key. As Gagnon aptly stated, “We have to protect ourselves better than we’re protecting ourselves right now.” The time for action is now, and the responsibility lies with every broker to ensure they are not the weakest link in the cybersecurity chain.