Nous utilisons des cookies pour mesurer l’audience et améliorer votre expérience. Vous pouvez accepter ou refuser. Consultez notre https://www.assur360.ca/en/privacy-policy-and-personal-information/.

Cyber Risk Insurance in Quebec: Complete Guide for Businesses (2026)

By|
-->

COMPANY

Quick online quote

Compare us

Get started
Quebec Business Insurance Broker Online

Cyberattacks against Quebec companies have exploded in recent years. In 2025, 43% of Canadian SMEs were victims of at least one cybersecurity incident. The average cost of a data breach in Canada is $5.6 million. Cyber risk insurance has become an essential financial shield for any company that uses technology — that is, all companies.

Protect your business from cyberattacks

Free quote in minutes. AMF certified broker. No obligation.

Get my cyber quote

What is cyber risk insurance?

Cyber risk insurance (also known as cyber security insurance, cyber insurance or cyber insurance) is coverage that protects your business against financial losses caused by computer incidents: hacking, ransomware, data leaks, online fraud and service interruption.

Unlike traditional business insurance (general liability, property), cyber insurance specifically covers digital and informational damage that is excluded from conventional policies.

Why Your Business Needs Cyber Risk Insurance in 2026

Three realities make this insurance essential for Quebec SMEs:

1. The explosion of cyberattacks in Canada

  • 43% of Canadian SMEs were victims of an incident in 2025
  • The average cost of a data breach in Canada: $5.6 million
  • Ransomware attacks have increased by 150% since 2022
  • 60% of SMBs that are victims of a major cyberattack close within 6 months

2. Quebec's Bill 25 — Strict Obligations

Since September 2023, Bill 25 (Act respecting the protection of personal information in the private sector) requires Quebec companies:

  • Report any data leak to the Commission d'accès à l'information within 72 hours
  • Notify all affected individuals individually
  • Keeping a record of confidentiality incidents
  • Appointing an Information Protection Officer
  • Fines: $15,000 to $25 million for non-compliance

Cyber risk insurance covers the costs of these obligations: notice, investigation, fines, and legal fees.

3. Your general liability insurance does NOT cover cyberattacks

Many contractors believe they are protected by their general liability insurance. This is false. RC policies explicitly exclude incidents related to digital data. If a hacker steals your customers' data or ransomware cripples your operations, your standard business insurance won't pay anything.

What Cyber Risk Insurance Covers

RestorationFees interruption disruption liability damages management engineering fraud fraud Fines
CoverageWhat it protectsConcrete example
Datato recover or recreate lost dataRansomware encrypts your customer files
BusinessRevenue lost during the serviceYour e-commerce site is offline for 48 hours
RansomwareRansom payment, negotiation, decryptionYou're being asked for $50,000 to unlock your systems
Notification and ComplianceFees for notifying affected persons (Bill 25)Leak of 10,000 customer files to be notified individually
CyberThird-party lawsuits for leak-relatedA customer sues you for identity theft
CrisisPublic relations, communications, expertsManaging your reputation after a high-profile hack
SocialLosses due to phishing or CEOEmployee transfers $30,000 to fake supplier
RegulatoryPenalties imposed by the authoritiesFine from the Commission d'accès à l'information

How much does cyber risk insurance cost in Quebec?

size premium 800 1,500 5,000
CompanyAnnualTypical Limit
Self-employed / micro-enterprise$300 — $$250,000 — $500,000
SME (1-50 employees)$500 — $$500,000 — $2M
Medium business (50-250 employees)$1,500 — $$2M — $5M
Large company (250+ employees)$5,000 — $25,000+$5M — $20M+

Indicative prices for Quebec in 2026. The cost varies depending on the industry, the volume of data, the revenue and the security measures in place. Get your exact price here.

Which companies are most exposed to cyber risks?

Any business that uses a computer, email or payment system is at risk. But certain sectors are particularly targeted:

  • E-commerce — Credit card data, large customer databases
  • Professional services — Accountants, lawyers, notaries: confidential client data
  • Health and Clinics — Medical Records, Sensitive Data Protected by Bill 25
  • Manufacturers — Connected Industrial Systems, Intellectual Property
  • Financial Services — Banking Data Is a Target for Hackers
  • Restaurants and retail – Payment terminals , customer lists
  • Non-Profit Organizations — Often Less Protected, Donor Data

The main cyber threats for Quebec SMEs

Ransomware

Ransomware encrypts all your files and demands a ransom (often in cryptocurrency) to unlock them. The average cost of an attack in Canada in 2025: $1.2 million (including ransom, production shutdown, and restoration). SMBs are prime targets because they often have weaker defenses than large companies.

Phishing

Fraudulent emails imitate your suppliers, bank, or colleagues to steal your credentials or get you to transfer money. 91% of cyberattacks start with an email. CEO fraud (a hacker impersonating the executive and requesting an urgent transfer) is particularly common.

Data Leakage

Unauthorized access exposes the personal data of your customers or employees. With Bill 25, you are legally obliged to notify each affected person and the Commission d'accès à l'information within 72 hours. Without cyber insurance, you are responsible for the costs of notification, investigation and legal defense.

7 Preventive Measures to Reduce Your Cyber Premium

Insurers evaluate your security practices before setting your premium. The stronger your defenses, the less you pay. Here are the measures that have the most impact:

  1. Multi-Factor Authentication (MFA) — Mandatory on all critical access (email, VPN, business applications). This is the #1 criterion for insurers.
  2. Regular backups — Daily automatic backups, stored offline or on a secure cloud. Test your restorations regularly.
  3. Employee training — Phishing simulations and annual training. Employees are the weakest link in the security chain.
  4. Updates and patches — Keep all your software, operating systems, and firewalls up to date. Unpatched flaws are the #1 gateway.
  5. Incident Response Plan — Document who does what in the event of an attack: who to call, how to isolate systems, how to communicate.
  6. Encryption of sensitive data — Encrypt personal data at rest and in transit, especially financial and medical information.
  7. Annual penetration testing — Have your defenses tested by experts to identify vulnerabilities before hackers do.

These measures can reduce your premium by 10 to 25% while significantly reducing your risk of an incident.

Is your company protected against cyberattacks?

Get a cyber risk insurance quote tailored to your business. Free, no obligation.

Free Cyber Quote

What to do in the event of a cyberattack?

  1. Isolate affected systems — Immediately disconnect compromised machines from the network to limit spread.
  2. Contact your insurer — Your cyber policy often includes 24/7 access to an incident response team.
  3. Don't pay the ransom immediately — Consult the experts provided by your insurer first. In some cases, the data can be recovered without payment.
  4. Document everything — Screenshots, login logs, suspicious emails. This documentation is essential for the claim and investigation.
  5. Report to the authorities — Bill 25: notification to the Commission d'accès à l'information within 72 hours if personal data is at stake.
  6. Communicate — Notify your affected customers and partners. Transparency protects your reputation in the long run.

Frequently Asked Questions — Cyber Risk Insurance in Quebec

What is cyber risk insurance?

Cyber risk insurance (also known as cybersecurity insurance or cyber insurance) is coverage that protects your business against financial losses related to cyberattacks. It covers data restoration costs, lost revenue, legal fees, regulatory fines, and the costs of notifying customers in the event of a data breach.

How much does cyber risk insurance cost in Quebec in 2026?

The price varies depending on the size of the company and the level of risk. On average: $500 to $1,500/year for an SME with fewer than 50 employees, $1,500 to $5,000/year for a company with 50 to 250 employees, and $5,000 to $25,000+/year for large companies. The industry, the volume of personal data and the security measures in place influence the price.

Is cyber risk insurance mandatory in Quebec?

No, it is not mandatory by law. However, since the coming into force of Bill 25 (Act respecting the protection of personal information) in September 2023, Quebec companies have strict data protection obligations. In the event of a leak, fines can reach $25 million. Cyber risk insurance has therefore become almost indispensable.

What does cyber risk insurance cover?

Typical coverages include: 1) Data and system recovery costs; 2) Loss of income (business interruption); 3) Ransomware (ransom payment and trading fees); (4) Costs of notification to affected persons; 5) Legal fees and regulatory fines; 6) Civil liability in the event of a data leak; 7) Crisis management and public relations costs; 8) Social engineering fraud (phishing).

What types of businesses need cyber risk insurance?

Any business that uses technology — which includes virtually all SMBs in 2026. The most exposed sectors are: e-commerce, financial services, health, professional services ( accountants, lawyers), manufacturers and any company that stores personal data of customers or employees.

What is ransomware and am I covered?

Ransomware is malicious software that encrypts your data and demands a ransom to unlock it. In 2025, the average cost of a ransomware attack in Canada was $1.2 million. Most cyber risk insurance policies cover: ransom payment (if necessary), negotiation fees with attackers, system restoration, and loss of revenue during the outage.

Does general liability insurance cover cyberattacks?

No. General liability insurance generally excludes incidents related to digital data. Traditional policies cover bodily injury and property damage, not data leaks or computer interruptions. You need a separate cyber risk insurance policy for this coverage.

How does Quebec's Bill 25 affect my business?

Bill 25 requires Quebec companies to: adequately protect personal information, report any leak to the Commission d'accès à l'information within 72 hours, notify affected individuals, keep a record of incidents and appoint an information protection officer. Fines range from $15,000 to $25 million. Cyber risk insurance covers the costs associated with these obligations.

What preventive measures can reduce my premium?

Insurers offer better rates if you demonstrate good practices: 1) Multi-factor authentication (MFA); 2) Regular and tested backups; 3) Employee training in cybersecurity; 4) Up-to-date firewall and antivirus; 5) Documented incident response plan; 6) Encryption of sensitive data; 7) Annual penetration tests. These measures can reduce your premium by 10 to 25%.

How long does a cyber risk insurance quote take?

With Assur360, you can get a free quote in minutes. An AMF-certified broker will analyze your risk profile and compare the offers of several insurers to find the best coverage at the best price. The service is free and without obligation.

To be read

Related Posts

Scroll to Top