Newsroom
Events
Subscribe

Guide

The cost of a data breach: 2025 NetDiligence Cyber Claims Study

Do you know the true cost?

September 25, 2025

Key takeaways

Ransomware and business email compromise accounted for 68% of claims for Canada from 2020–2024.

image of money and sales chart showing upward growth

The average five-year total incident cost for Canada was US$874,000.

Total incident costs at small and medium enterprises in Canada are up in almost every category.

#
Risk consulting Cybersecurity consulting Cybersecurity

Understanding the ongoing cybersecurity threats to the middle market

As cybersecurity threats and data security events continue to increase, understanding the costs and resources necessary to respond to a data breach is essential. RSM is a proud sponsor of the fifteenth annual NetDiligence® Cyber Claims Study, a report detailing the actual losses from data breaches and other cyber-related incidents covered by leading cyber insurance carriers.

This year’s report features an analysis of over 10,000 cyber claims arising from events that occurred between 2020 and 2024. Ransomware and business email compromises (BEC) continue to be the two leading causes of loss in the NetDiligence survey. Losses in the top four categories (ransomware, BEC, hackers and wire transfer fraud) accounted for 72% of all claims and 85% of total incident costs during that five-year period for small to medium enterprises.

Almost all the claims in the survey (98%) were from small to medium enterprises with less than US$2 billion in annual revenue. While large companies represented only 2% of claims, they accounted for 51% of the total incident costs in the report.

Companies need security hygiene and good control of their identities, multifactor authentication, and reduction of privileged identities. Those things alone will help shrink the attack surface. But there’s always a chance they’re going to get in. So now, what’s your resiliency plan? Do you have one? Have you tested it? Do you have the vendors in place to help you recover?
Alden Hutchison, Principal, RSM US LLP

Bonus content inside the report:

Creating a blueprint for cybersecurity resilience

Companies should establish an effective foundation to strengthen their ongoing cybersecurity efforts. RSM recommends the following five steps:

  1. Double down on fundamental protections
  2. Manage vendors and third parties
  3. Embrace the cloud securely
  4. Stay ahead of emerging threats
  5. Stress incident response and resilience

By shrinking the overall attack surface and establishing a more resilient environment, companies can mitigate current and future risks and limit damage if—or when—an attack occurs.

Download the report

Stay up to date on what matters most to your business.

Let us know your personal preferences for topics, industries and services to start receiving RSM updates in your inbox. Get the most from insights, events and offers from our team of first-choice advisors.   

THE POWER OF BEING UNDERSTOOD

ASSURANCE | TAX | CONSULTING

RSM Canada LLP is a limited liability partnership that provides public accounting services and is the Canadian member firm of RSM International, a global network of independent assurance, tax and consulting firms. RSM Canada Consulting LP is a limited partnership that provides consulting services and is an affiliate of RSM US LLP, a member firm of RSM International. The member firms of RSM International collaborate to provide services to global clients but are separate and distinct legal entities that cannot obligate each other. Each member firm is responsible only for its own acts and omissions, and not those of any other party. Visit rsmcanada.com/about for more information regarding RSM Canada and RSM International.

© 2025 RSM CANADA LLP. All rights reserved.