Cyber Claims Are Up 30% — Here's What Every Canadian SMB Needs to Know
The 2025 NetDiligence Cyber Claims Study just dropped, and the numbers should make every business owner pay attention. Based on over 10,000 real cyber insurance claims from 2020–2024, this is the most comprehensive look at what cyber incidents actually cost — and who they hit hardest.
Spoiler: it's small and medium businesses. And the industries most affected are the ones we serve every day.
The Industries Getting Hit the Hardest
If your business falls into one of these categories, you're in the crosshairs. The top five sectors by number of cyber claims at SMBs are:
- Professional Services (law firms, accounting, consulting) — 18% of all claims, $271K average incident cost
- Manufacturing — 9% of claims, $395K average cost. Many manufacturers run legacy systems that are harder and more expensive to restore.
- Healthcare — 7% of claims, but the highest average cost at $566K. Regulated data + operational urgency = maximum leverage for attackers.
- Retail — 7% of claims, $219K average cost
- Financial Services — 6% of claims, $329K average cost
These five sectors alone account for 47% of all claims and 60% of total incident costs in the study.
Ransomware: Still the #1 Threat
Ransomware remains the leading cause of loss, responsible for 69% of total SMB incident costs — a staggering $1.6 billion across the dataset. The average ransomware incident costs an SMB $631K, but it gets worse when operations go down:
- Ransomware accounts for 81% of all business interruption claims
- Average business interruption cost for ransomware: $1.4M
- Companies with business interruption (BI) involvement face costs 650% higher than those without
- Ransom demands have reached as high as $150M, with payments up to $75M
The good news? Only 15–20% of businesses actually pay the ransom. But that means the other 80% are absorbing the full cost of recovery and downtime — which is only manageable if you have proper backups, a tested recovery plan, and a team that knows what they're doing.
"You're never going to keep threat actors out forever. It's about limiting your exposure. When they get in, if they can only impact a single user's PC, a single server or a single application, it's a lot easier and cheaper to recover than it is to recover all PCs, all servers, and all applications."
— George Kohlhofer, RSM US LLP
Business Email Compromise: The Silent $98K Problem
BEC was the second leading cause of loss, and it's surging — 2024 saw the highest number of BEC claims on record. The average incident cost is $98K, but here's what should concern every business owner:
84% of BEC incidents start with someone clicking a link in an email.
That's not a sophisticated zero-day exploit. It's not nation-state hackers. It's an employee clicking a link in a convincing email. This is preventable with proper email security, DNS filtering, security awareness training, and multi-factor authentication — all standard components of a managed IT service.
The Canada Picture
While Canadian-specific claims were limited in the dataset (84 claims), the numbers are sobering:
- Average incident cost: $874K USD
- Ransomware average: $1.3M
- Wire transfer fraud average: $558K
As the study notes, "Canadian organizations face a dual challenge: protecting critical systems from crippling ransomware events while also safeguarding financial operations against social engineering and payment fraud schemes."
Third-Party Risk Is Exploding
One of the most alarming trends in the 2025 data is the dramatic increase in third-party and supply chain incidents. The average cost of a malicious third-party incident at an SMB jumped to $1.4M in 2024 — up from $424K in 2020.
A single compromised vendor can cascade across your entire business. The study found that 32% of breaches in 2024 were tied to third-party exposures. This means your cybersecurity posture is only as strong as your weakest vendor — and most businesses have no visibility into their vendors' security practices.
"It's not just about assessing your own posture anymore. It's about demanding visibility, accountability, and breach readiness from every partner you do business with."
— Michael Bruemmer, Experian
Recovery Costs Keep Climbing
The study found that incidents with recovery expenses cost over 300% more than those without. For ransomware specifically, incidents with recovery expenses cost 400% more. In 2024, crisis services alone accounted for 47% of total incident costs at SMBs, up 40% from the previous reporting period.
Forensics, legal counsel, notification, credit monitoring — these aren't optional. They're the baseline cost of a breach. And they're getting more expensive every year.
What Actually Protects You
The data paints a clear picture. The businesses that survive cyber incidents with the least damage are the ones with layered defenses already in place. Here's what the report's findings translate to in practical terms:
- Email security and anti-phishing — BEC is the #2 cause of loss, and 84% start with a clicked link. Spam filtering, link scanning, and email authentication (DMARC/DKIM/SPF) aren't luxuries.
- Multi-factor authentication — The report explicitly calls out MFA and identity management as critical controls. This alone blocks the majority of credential-based attacks.
- Endpoint protection — Limiting what an attacker can access after initial compromise is the difference between a minor incident and a company-wide shutdown.
- Tested backup and recovery — 81% of BI claims involve ransomware. If your backups work and you've tested recovery, you don't need to pay the ransom.
- Security awareness training — Staff mistakes as a cause of loss have dropped dramatically (from 235 claims to 88). Training works.
- Vendor risk management — With third-party costs exploding, you need visibility into your supply chain's security posture.
- An actual incident response plan — Having a plan, testing it, and knowing who to call is the difference between controlled response and chaos.
"Companies need security hygiene and good control of their identities, multifactor authentication, and reduction of privileged identities. Those things alone will help shrink the attack surface. But there's always a chance they're going to get in. So now, what's your resiliency plan?"
— Alden Hutchison, RSM US LLP
The Bottom Line
Cyber incident costs at SMBs are up 30% year over year. The top five targeted industries are all sectors where Cloud Collective has deep experience delivering managed IT services. And the overwhelming message from 10,000+ insurance claims is this:
The businesses that invest in proactive IT management — email security, MFA, monitored backups, endpoint protection, and employee training — are the ones that avoid the $264K average bill.
Prevention isn't free, but it's a fraction of what an incident costs. And unlike an insurance claim, it keeps your business running.
Is your business protected?
Take our free IT assessment to identify gaps in your cybersecurity posture — before an attacker finds them for you.
Data source: NetDiligence® Cyber Claims Study 2025 Report. Based on analysis of 10,402 cyber insurance claims from incidents occurring 2020–2024. All dollar figures in USD unless otherwise noted.