Canadian businesses already know cyber is a top threat. The problem, according to CFC’s Lindsey Maher (pictured), is that cyber insurance is still too hard to buy and too easy to ignore – and that’s a missed opportunity for both clients and brokers.
“Canada’s primary challenge is execution,” said Maher, head of global cyber development at CFC. “Businesses already know cyber is a top risk... The gap won’t close because people suddenly get scared. It closes when insurers make cyber simpler and more accessible, and brokers make it unavoidable in every commercial conversation.”
Maher argues that buyers don’t need more fear; they need help understanding how cyber insurance fits alongside their existing IT and security investments.
Buyers already believe cyber is a top risk; what they need is help understanding insurance is not just a financial resiliency tool, but one that complements their existing IT infrastructure with enterprise security tools, she said. “When brokers focus only on price and limits, cyber becomes commoditised.”
For brokers willing to lead those conversations, Maher sees a major strategic opportunity.
“Cyber is also the fastest way for brokers to get back into the boardroom, because it cuts across finance, operations, legal and technology,” she said. For larger organizations, it gives brokers a legitimate reason to speak to CFOs and boards about volatility, business interruption and survivability, she added.
Instead of being confined to procurement or insurance managers, cyber opens the door to broader discussion of risk, resilience and strategy. That, Maher suggested, can reset the broker‑client relationship at a higher level.
“Cyber insurance works – our 99.4% cyber claims acceptance rate in the last 12 months at CFC demonstrates this,” she said. “But it only becomes truly valuable for clients when it’s presented as balance sheet protection, expert incident response, and decision support in a crisis, not just another line on the renewal schedule.”
Softening rates on other commercial lines are also creating room for brokers to introduce cyber as a growth lever, she added.
Brokers are capitalizing on the fact that rates are softening on other product lines, which ultimately means clients have more budget to allocate to a new product line while brokers seek to build on their own organic growth, Maher said.
Many Canadian SMEs still see themselves as too small or obscure to be attractive cyber targets. Maher believes that view is increasingly dangerous.
“Canadian SMEs often believe they’re too small to be targeted, but systemic events prove otherwise,” she said. “In the JLR incident, the economic damage to third parties exceeded $3.5 million CAD outside of the losses to JLR themselves – and many of those affected weren’t the primary target.”
Smaller firms are more, not less, exposed to cascading disruption, she argued.
SMEs outsource more, rely on more vendors, and sit deeper in supply chains, which means they can suffer major financial losses even when the attack hits someone else, Maher said.
That makes closing the protection gap less about convincing SMEs they have a cyber risk, and more about making it simple and routine to transfer part of that risk.
Closing the protection gap requires insurers to make cyber easier to buy and brokers to make it impossible to ignore, she said. “Cyber insurance should feel as standard as property insurance, not an optional upgrade.”
Maher sees three groups that all need to move: insurers, brokers and industry bodies.
“For insurers, that means redesigning the buying experience: fewer technical hurdles, clearer value propositions, and products that feel as standard as property insurance, not an optional upgrade,” she said.
For brokers, it means shifting from discussing cyber as a checklist item at the end of a renewal meeting, to advising and leading their conversations with it – leading with financial resilience, incident response, and business continuity, not just price and limits.
Industry associations are already helping to lay the groundwork.
“Industry bodies like IBC are already pushing for awareness campaigns, incident‑reporting frameworks and public‑private collaboration,” Maher said. “The missing piece now is normalization. Cyber insurance needs to be treated as a routine part of doing business in Canada.”
In Maher’s view, closing the cyber protection gap will not be about a single watershed event or headline‑grabbing loss. It will be about grinding execution.
“When insurers lower the friction and brokers raise the visibility, the protection gap finally starts to close,” she said. “Cyber shouldn’t be a special topic anymore – it should be part of every serious conversation about the future of a business.”
