Ransomware and business email compromise accounted for 68% of claims for Canada from 2020–2024.
Ransomware and business email compromise accounted for 68% of claims for Canada from 2020–2024.
The average five-year total incident cost for Canada was US$874,000.
Total incident costs at small and medium enterprises in Canada are up in almost every category.
As cybersecurity threats and data security events continue to increase, understanding the costs and resources necessary to respond to a data breach is essential. RSM is a proud sponsor of the fifteenth annual NetDiligence® Cyber Claims Study, a report detailing the actual losses from data breaches and other cyber-related incidents covered by leading cyber insurance carriers.
This year’s report features an analysis of over 10,000 cyber claims arising from events that occurred between 2020 and 2024. Ransomware and business email compromises (BEC) continue to be the two leading causes of loss in the NetDiligence survey. Losses in the top four categories (ransomware, BEC, hackers and wire transfer fraud) accounted for 72% of all claims and 85% of total incident costs during that five-year period for small to medium enterprises.
Almost all the claims in the survey (98%) were from small to medium enterprises with less than US$2 billion in annual revenue. While large companies represented only 2% of claims, they accounted for 51% of the total incident costs in the report.
Companies need security hygiene and good control of their identities, multifactor authentication, and reduction of privileged identities. Those things alone will help shrink the attack surface. But there’s always a chance they’re going to get in. So now, what’s your resiliency plan? Do you have one? Have you tested it? Do you have the vendors in place to help you recover?
Creating a blueprint for cybersecurity resilience
Companies should establish an effective foundation to strengthen their ongoing cybersecurity efforts. RSM recommends the following five steps:
By shrinking the overall attack surface and establishing a more resilient environment, companies can mitigate current and future risks and limit damage if—or when—an attack occurs.