Cyberattacks against Quebec SMEs have increased by 300% since 2020. Ransomware can cripple your business for weeks and cost tens of thousands of dollars. Cyber insurance is now essential — especially with the coming into force of Bill 25 in Quebec, which imposes new obligations on companies in terms of personal data protection.
What is cyber insurance?
Cyber insurance (or cyber liability insurance) protects your business against financial losses related to cybersecurity incidents: hacking, data theft, ransomware, human error, and business interruptions caused by a computer incident.
Risks covered by cyber insurance
Part One — Damage to Your Business
- Ransomware — Ransom payment and data recovery fees
- Business interruption — loss of revenue during the IT outage
- Data recovery costs — system recovery and reconstruction
- Crisis management — public relations costs following a breach
- Mandatory notification — notification costs to affected clients (required by Bill 25)
Part Two — Liability to Third Parties
- Theft of customer data — lawsuits and legal fees
- Transmission of a virus to a third party — damage to your partners
- Breach of Privacy — Regulatory Fines (Bill 25, PIPEDA)
- Online defamation – erroneously posted content causing harm
Bill 25 and cyber insurance in Quebec
Since 2023, Bill 25 (An Act to modernize legislative provisions as regards the protection of personal information) imposes new obligations on Québec businesses:
- Appointing a Privacy Officer
- Report any security breach to the Commission d’accès à l’information (CAI)
- Notifying individuals whose data has been compromised
- Fines of up to $25 million or 4% of sales
Cyber insurance covers the costs of notification, legal defense and potential penalties related to Bill 25.
Who needs cyber insurance in Quebec?
- SMEs with 1 to 500 employees — small businesses are the most targeted because they are less well protected
- Liberal professions — accountants, lawyers, doctors, engineers
- Retail – any merchant that processes online payments
- Healthcare companies — medical data = priority target for hackers
- Manufacturing and Manufacturing — Attacks on Industrial Control Systems (SCADA)
- Municipalities and public bodies — increasingly targeted in Quebec
Average cost of cyber insurance for SMEs in Quebec
| Company size | Annual Revenues | Estimated premium/year |
|---|---|---|
| Micro-enterprise | Less than $500,000 | $800 – $2,000/year |
| Small Business | $500,000 – $2M | $2,000 – $5,000/year |
| Medium-sized business | $2M – $10M | $5,000 – $15,000/year |
| Large SME | $10M – $50M | $15,000 – $50,000/year |
FAQ — Cyber Business Insurance in Quebec
Does my business insurance already cover cyber risks?
Non. La plupart des polices d’assurance entreprise standard (responsabilité civile, biens commerciaux) n’incluent pas de couverture cyber. Il faut une police dédiée ou un avenant spécifique. Vérifiez votre police actuelle avec votre courtier.
Can an SME really be the victim of a cyberattack?
Oui — les PME sont les cibles favorites des pirates informatiques précisément parce qu’elles ont moins de ressources en cybersécurité. Au Canada, 71 % des cyberattaques visent des entreprises de moins de 100 employés.
Does cyber insurance cover my employees’ mistakes?
Oui. La majorité des incidents cyber sont causés par des erreurs humaines (cliquer sur un lien de phishing, envoyer des données au mauvais destinataire). L’assurance cyber couvre généralement ces incidents, contrairement à ce que beaucoup de propriétaires pensent.
How long does it take to get cyber coverage?
Via Assur360, vous pouvez obtenir une couverture cyber en 24 à 48 heures. Le processus est simple : formulaire en ligne, appel avec un courtier spécialisé, émission de la police. Certains assureurs peuvent émettre une couverture temporaire le jour même.
What documents do I need to get a cyber quote?
Généralement : description de votre activité, revenus annuels, nombre d’employés, type de données que vous traitez (données personnelles, financières, médicales), mesures de sécurité en place (antivirus, sauvegardes, formation employés).
Protect Your Business — Free Quote
Assur360 is an AMF certified brokerage firm (number 3003429353) specializing in commercial insurance in Quebec. Our brokers compare the best cyber policies from 30+ insurers to find you the right coverage for your business reality. 100% free service, no obligation.