Cyber Business Insurance Quebec 2026

CYBER RISKS

Cyber Insurance for Businesses in Quebec

Ransomware, data leaks, electronic fraud, interruptions: protect your business with tailor-made cyber insurance. Law 25 compliant, 24/7 intervention team.

Get my free quote1-866-357-4451

Starting at $1,200

Annual SME premium

24/7

Cyber Emergency Team

Bill 25

Compliant

AMF

Certified brokers

Since the coming into force of Bill 25 respecting the protection of personal information, any Quebec company that processes customer data is required to notify incidents, designate an information protection officer and implement adequate security measures. Cyber insurance covers the costs of investigation, notification, ransom (where permitted), business interruption, data reconstitution and administrative fines of up to $25 million or 4% of global revenue.

Server Room Corporate Cybersecurity — Assur360

IN BRIEF

Cyber insurance for Quebec SMEs

60% of Quebec SMEs targeted by a cyberattack close within 6 months (CFIB 2025). Cyber insurance has become as essential as fire insurance for any company that deals with customer data.

Underwriting requirements: Insurers now require multi-factor authentication (MFA), tested offline backups, and documented incident response plans. Without these controls, systematic refusal.

What does cyber business insurance cover?

Ransomware

Ransom negotiation and payment fees (where legally permitted), data restoration, system restoration.

Data Leakage

Investigation costs, notification to data subjects, credit monitoring, public relations, legal fees.

Business interruption

Loss of revenue during system shutdown, additional costs to restore activity.

Wire fraud

Fraudulent transfers, identity theft of directors, social engineering, erroneous transfer of funds.

Civil liability

Lawsuits by customers or partners following a leak of their confidential data.

Bill 25 Fines

Coverage of costs related to CAI investigations and, where insurable, administrative fines.

💡 Broker’s advice

Cyber insurers today require minimum security measures to provide coverage: multi-factor authentication (MFA) on all accounts, tested offline backups, antivirus/EDR, anti-phishing training. A company that does not meet these requirements is denied coverage or pays an additional premium of 30 to 50%. Before bidding, have your posture validated with an Assur360 broker.

Frequently Asked Questions

What is cyber insurance for a company?

It is a policy that covers financial losses caused by a computer incident: ransomware, data leaks, wire fraud, system interruption, invasion of customer privacy. It usually includes a 24/7 response team with cybersecurity experts, specialized lawyers and public relations firms.

How much does cyber insurance cost in Quebec?

For a Quebec SME (less than $10 million in sales): between $1,200 and $5,000 per year for a limit of $1 million. The price depends on the sector (health, finance, IT are more expensive), the volume of personal data processed and the maturity of the cybersecurity measures in place.

Does Bill 25 make cyber insurance mandatory?

It is not strictly mandatory, but Bill 25 imposes notification obligations and increased liability. Fines can reach $25 million or 4% of global turnover. In addition, many B2B contractors and contracts now require proof of cyber insurance.

Is my cloud backup protecting me?

No — a backup, even a cloud backup, can be encrypted by ransomware if it remains accessible from your network. Insurers require offline or immutable backups, tested regularly, to provide ransomware coverage.

What to do in the event of a cyber attack?

Contact your insurer’s emergency line (included in the policy) immediately. Don’t pay any ransom without permission. Disconnect affected systems without shutting down (to preserve evidence). Keep logs, emails, screenshots. The intervention team will take over in less than 4 hours.

Does coverage include Bill 25 fines?

Yes, within the prescribed limits, when these fines are insurable according to Quebec jurisprudence. Please note: some administrative fines of a punitive nature cannot be legally ensured. Your broker will explain exactly what your policy covers.

Do my IT vendors need cyber insurance?

Yes — if a supplier suffers an incident and exposes your data, it’s your responsibility to your customers. Ask for a cyber insurance certificate before signing. Visit our IT Assurance page for vendor requirements.

What cybersecurity measures do insurers require?

Multi-factor authentication (MFA) on all admin and VPN accounts, tested offline backups, antivirus/EDR on all workstations, patches applied monthly, anti-phishing training, documented incident response plan. A cyber questionnaire of 40 to 100 questions should be completed with the help of your IT team.

My company is small (less than 5 employees), do I really need cyber insurance?

Yes — SMBs are now the preferred targets of attackers (less protected). A ransomware attack costs an average of $85,000 in direct costs for a micro-business, not including the loss of customers. Specific policies are available as low as $50 per month for very small businesses.

Cyber insurance everywhere in Quebec

Assur360 supports businesses throughout Quebec: Montreal, Quebec City, Laval, Gatineau, Longueuil, Sherbrooke, Trois-Rivières and Saguenay. Whether you are an accounting firm in Laval, a retailer in Quebec City or a medical firm in Sherbrooke, our AMF-certified brokers know the risks of your sector and the requirements of Bill 25.

100% online quote, free of charge, with comparison of several Canadian insurers.