Skip to main content
Cyber Insurance

Cyber Insurance Readiness for Canadian Small Business

We help you get the right cyber insurance policy, prepare the evidence that unlocks lower premiums, and stand beside you when a claim needs to be filed.

$4.35M
Avg. cost of a data breach
60%
SMBs close within 6mo of attack
72hr
Typical claim response window
What's included

A complete service, run by people.

Policy advisory

We evaluate your current coverage, identify gaps, and recommend policies that match your actual risk profile.

Premium reduction

Our security controls MDR, patching, MFA enforcement are documented evidence insurers use to lower your premiums.

Renewal preparation

Annual questionnaires answered with real data from your environment, not guesswork.

Incident support

When a claim needs filing, we provide the incident timeline, forensic evidence, and logs insurers require.

Rapid response coordination

We coordinate with your insurer's incident response panel to minimize dwell time and financial exposure.

Stakeholder reporting

Board-ready briefings that translate cyber risk into financial exposure your leadership can act on.

Underwriting Requirements

What Canadian cyber insurers require in 2026

Insurers have tightened underwriting requirements significantly since 2021. These are the technical controls most Canadian cyber insurers now require as a condition of coverage not just recommendations.

  • Multi-factor authentication on all admin accounts Non-negotiable for every insurer. Policies are voided or claims denied if MFA was available but not enforced on compromised admin accounts.
  • Endpoint detection and response (EDR) Traditional antivirus is no longer sufficient. Insurers want evidence of behavioural detection and response capability on all endpoints.
  • Offsite backup tested within 90 days Backups that haven't been tested aren't evidence of resilience. Insurers ask for test dates and recovery time objectives in renewal questionnaires.
  • Documented incident response plan A written plan with named contacts, escalation procedures, and insurer notification steps. Must include the 72-hour PIPEDA notification window.
  • Email security (DMARC/DKIM/SPF) Domain authentication controls are increasingly required. Some insurers specifically ask for DMARC policy status during renewal.
  • Vulnerability scanning Evidence of quarterly or continuous scanning with a documented remediation process. Unpatched critical vulnerabilities discovered during a claim can result in coverage exclusions.
  • Privileged access management Separate admin accounts, least-privilege principles, and audit logs of privileged activity. Required by most enterprise-tier policies and increasingly by SMB policies.
Canadian Compliance

PIPEDA and cyber insurance what SMBs need to know

Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) requires organizations to notify the Office of the Privacy Commissioner and affected individuals whenever a breach creates a 'real risk of significant harm.' That notification must happen as soon as feasible in practice, insurers expect notification within 72 hours of confirming a breach.

Insurers increasingly require evidence that your incident response plan includes PIPEDA notification procedures. During a claim, they will ask: when did you know? What did you do? Who did you notify? A plan that doesn't address these questions slows claim processing and can trigger coverage disputes.

Quantm's incident response engagement maps your notification obligations directly to your insurer's requirements. We document the breach timeline, the categories of personal information affected, and the notification steps taken the exact evidence your insurer's claims team needs to process your claim without delay.

Evidence Pack

What an evidence pack includes

Insurers don't take your word for your security posture they ask for documentation. An evidence pack is the set of documents that proves your controls are real.

  • Control attestation report A signed summary of which controls are in place, when they were last tested, and who is responsible for each.
  • Vulnerability scan results The most recent scan output with a summary of open findings and their remediation status.
  • Backup test verification A dated record of your most recent recovery test, including what was restored and how long it took.
  • MFA deployment evidence A report showing MFA enrollment rates by user group, with admin accounts called out specifically.
  • Policy documents Incident response plan, acceptable use policy, and remote access policy dated and signed by an owner.
Outcomes

What changes after week one.

You'll feel the difference fast fewer alerts, faster response, and a clearer picture of where your real risk lives.

  • Reduce cyber insurance premiums by documenting your security posture
  • Eliminate coverage gaps that leave ransomware or BEC losses uninsured
  • Answer renewal questionnaires in hours, not days
  • File claims with complete forensic evidence and incident timelines
  • Give your board a clear picture of your residual cyber risk
How it works

From kickoff to coverage in days.

Step 01
Assess

We review your current policy and map it against your real risk exposure.

Step 02
Harden

Security controls are tuned and documented to meet insurer requirements.

Step 03
Renew

We compile the evidence package and answer renewal questionnaires with you.

Step 04
Respond

If an incident occurs, we provide the documentation insurers need to pay the claim.

FAQ

Common questions, answered.

The things buyers ask us most about scope, onboarding, and what you'll see in your monthly report.

Ask us anything

Stop hoping your policy covers you.

We'll review your current coverage and show you exactly what a ransomware or BEC incident would cost your business today.