Why Your Business Needs Cyber Liability Insurance

A ransomware attack shuts down your systems on a Tuesday morning. Your client data is locked. Your staff cannot work. A criminal is demanding payment. You have no idea how long this will take to fix or what it is going to cost. This is not a hypothetical. It is the situation hundreds of Canadian businesses face every year, and most of them did not think it would happen to them.

 

Cyber liability insurance exists to cover exactly these costs. From the forensic investigation to client notifications to lost revenue while your systems are offline, the right policy puts a financial backstop behind your business when a cyber incident hits. At Oegema, Nicholson & Associates, we help Ontario businesses find the right cyber coverage through some of Canada’s most trusted insurers. This guide explains what cyber liability insurance covers, who needs it, and what to look for in a policy.

 

What Is Cyber Liability Insurance in Canada?

Cyber liability insurance is a commercial insurance product, or policy extension, that covers the financial losses a business suffers because of a cyber attack, data breach, or digital security failure. Unlike general business insurance, it is designed specifically for digital risks: the theft or exposure of customer data, ransomware that encrypts your files, phishing scams that result in fraudulent transfers, and the legal and regulatory fallout that follows these events.

 

In Canada, cyber liability insurance is available as a standalone policy or as an endorsement added to a professional liability insurance policy. For businesses that store sensitive customer information, process payments online, or depend heavily on connected systems, a standalone policy with higher limits is usually the right choice. Endorsements offer basic coverage but typically have lower limits and fewer response services included.

 

The term ‘cyber security insurance’ is sometimes used interchangeably with cyber liability insurance. Both refer to the same class of product. You may also hear it called data breach insurance, particularly when the main risk being discussed is the exposure of private customer information.

 

What Does Cyber Liability Insurance Cover?

A standard cyber liability insurance policy covers two broad categories of costs: first-party costs (what the incident costs your business directly) and third-party costs (what you owe to others as a result of the incident). The table below breaks down the main coverage areas.

 

| Coverage Type | What It Covers | First or Third Party? |
|---|---|---|
| Data Breach Response | Forensic investigation, notifying affected individuals, and PR costs after a breach of customer or employee data. | First party |
| Ransomware and Cyber Extortion | Ransom negotiation costs and, where legally permitted, ransom payments if a criminal locks your systems and demands payment. | First party |
| Business Interruption | Can cover lost revenue during a cyber-caused shutdown. Covers the gap from the moment your systems go down until normal operations resume. | First party |
| System Damage and Restoration | The cost to restore, repair, or replace software, hardware, and data that were damaged or destroyed in a cyber incident. | First party |
| Third-Party Liability | Legal defence costs and damages if a client sues your business because their data was compromised through your systems. | Third party |
| Regulatory Fines and Penalties | Fines or penalties assessed by regulators following a notifiable data breach. | Third party |
| Cyber Crime and Social Engineering | Financial losses from fraud, such as phishing scams that trick your staff into transferring funds. Often available as an optional rider. | First party (optional rider) |

 

Incident response is one of the most valuable parts of a cyber liability policy that is often overlooked. Many insurers provide access to a 24/7 breach response hotline staffed by security experts, legal counsel, and communications specialists. For a small business without an IT department, that access alone can be the difference between a manageable incident and a catastrophic one.

 

Cyber liability insurance also pairs naturally with business interruption insurance. While standard business interruption coverage protects against physical disruptions like fire or flood, a standalone cyber policy extends that protection to digital shutdowns. If a ransomware attack takes your systems offline for a week, cyber business interruption coverage compensates for the revenue you lost during that downtime.

Are Canadian Small Businesses Really at Risk?

A common assumption among small business owners is that cyber criminals target large corporations, not small operators. The data says otherwise.

 

According to Statistics Canada, one in five Canadian businesses has been targeted by a cyber attack. The Canadian Centre for Cyber Security’s National Cyber Threat Assessment 2025-2026 reports that the number and severity of cyber incidents in Canada have increased sharply in recent years, with ransomware remaining a persistent and widespread threat across all sectors and organization sizes.

 

The reason small businesses are targeted is straightforward: they tend to have weaker security controls than large enterprises, but still hold valuable data. A retail business stores payment information. A medical clinic holds patient records. A law firm has client files. Any of those data sets has value to a criminal.

 

The cost of a real incident is not small. According to claim examples published by Zensurance, a Canadian cyber insurer, actual claim settlements for Canadian small businesses have ranged from $455,000 to $500,000 per incident. Those figures include forensic costs, legal representation, client notification, data restoration, and lost revenue. For most small businesses, an uninsured loss of that size would be existential.

 

Canadian examples are no longer rare or confined to large targets. The City of Hamilton confirmed a ransomware attack in March 2024. London Drugs, a major Canadian retailer, confirmed a ransomware attack in May 2024. These incidents show that no organization, regardless of size or sector, should assume it is too small to be a target.

THE MOST COMMON THREATS FOR SMALL BUSINESSES

Ransomware, phishing emails that trick staff into revealing credentials or transferring funds, and data breaches caused by third-party vendor vulnerabilities are the most frequently reported cyber incidents affecting Canadian SMBs. For a practical overview of these threats, see our post on common cybersecurity risks and how to avoid them.

What Cyber Liability Insurance Does NOT Cover

Understanding the exclusions in a cyber liability policy is just as important as understanding what it covers. Standard exclusions typically include:

  • Intentional or criminal acts by the policyholder. If a business owner or employee deliberately causes a breach, the policy will not respond.
  • Bodily injury or property damage. Physical harm or damage to tangible property falls under commercial general liability or property coverage, not cyber coverage.
  • Pre-existing breaches. If a breach began before your policy inception date, it is generally excluded. This makes it important to report known incidents promptly and not delay purchasing coverage.
  • Infrastructure failure not caused by a cyber event. A power outage or hardware failure that is not the result of a deliberate cyber attack is typically outside the scope of cyber liability coverage.
  • Social engineering fraud without a rider. Some policies exclude social engineering losses, such as phishing scams that lead to wire fraud, unless a specific endorsement is added. Always ask your broker whether this coverage is included.

If your business relies heavily on third-party cloud platforms or managed service providers, ask specifically about supply chain cyber risk. Standard policies may have limitations when the incident originates with a vendor rather than directly with your systems.

How Insurers Assess Your Cyber Risk

When you apply for cyber liability insurance in Canada, the insurer will evaluate your business’s security posture before offering a quote. Businesses with stronger controls tend to qualify for better rates and higher coverage limits.

What Insurers Typically Ask About

According to the Government of Canada’s Get Cyber Safe program, insurers commonly ask about: the size and nature of your operations, who your customers are and what data you collect, whether you have had a security or privacy audit, what your annual budget for cyber security is, and what specific technical controls you have in place.

Controls That Can Lower Your Premium

Implementing the following measures before applying can improve your eligibility and may reduce your premium:

  • Multi-factor authentication (MFA). Enforcing MFA on all accounts and devices is one of the most basic requirements many insurers look for. Without it, some carriers will decline to offer coverage or apply significant premium surcharges.
  • Employee training. Staff who can recognize phishing emails and social engineering attempts reduce your overall risk profile. Documented training programs signal to insurers that your business takes security seriously.
  • Incident response plan. Having a written plan for how your business will respond to a cyber incident shows insurers you will not be scrambling from scratch when something goes wrong.
  • Regular data backups. Offline or off-site backups mean a ransomware attack does not have to be catastrophic. Businesses that can restore from backups quickly face lower business interruption losses.
  • Patch management. Keeping software and operating systems updated closes the known vulnerabilities that most opportunistic attacks exploit.

Think of cyber security and cyber insurance as two parts of the same strategy. Insurance covers the costs when something goes wrong. Security measures reduce the likelihood that something goes wrong in the first place. Visit our small business insurance page for an overview of commercial coverage options for Ontario business owners.

How Is Cyber Liability Insurance Different from Other Business Coverage?

One of the most common misconceptions is that existing policies, such as commercial general liability or professional liability, already cover cyber risks. In most cases, they do not. The table below shows how cyber liability coverage compares to other common business policies.

 

| Policy Type | Covers Cyber? | The Gap |
|---|---|---|
| Commercial General Liability | No | CGL covers bodily injury and property damage. A data breach or ransomware attack is not a physical event, so CGL does not respond. |
| Professional Liability (E&O) | Partially, in some cases | Some E&O policies include a basic cyber endorsement, but limits are usually low and breach response costs are typically excluded. |
| Commercial Property | No | Commercial property covers physical assets. Digital data is not considered physical property under a standard policy. |
| Cyber Liability Insurance | Yes, specifically | Addresses all major cyber risks: breach response, ransomware, business interruption, third-party liability, and regulatory penalties. |

 

For businesses in professional services, technology, or consulting, a cyber security insurance policy should be considered alongside professional liability coverage, not instead of it. The two policies address different risks and together provide a much more complete picture of protection.

Frequently Asked Questions 

What is cyber liability insurance and what does it cover?

Cyber liability insurance is a commercial insurance policy designed to cover the financial costs of a cyber attack or data breach. It covers first-party costs such as data breach response, ransomware, business interruption, and system restoration, as well as third-party costs including legal defence, regulatory fines, and damages owed to clients whose data was compromised.

 

Yes. Statistics Canada reports that one in five Canadian businesses has been targeted by a cyber attack. Small businesses are frequently targeted because they hold valuable data but often have weaker security controls than large organizations. Real claim costs for Canadian small businesses have reached $455,000 to $500,000 per incident, making an uninsured loss a serious financial threat for most small operators.

 

The terms are often used interchangeably, but cyber liability insurance is typically broader. Data breach insurance focuses specifically on the cost of a breach involving personal or sensitive information. Cyber liability insurance also covers ransomware, business interruption from cyber events, third-party liability, and regulatory penalties. When shopping for coverage, confirm exactly what events the policy covers.

A low-limit cyber endorsement added to a professional liability policy typically costs an additional $100 to $200 per year. A standalone cyber liability policy with higher limits generally ranges from $750 to $1,000 or more per year, depending on the size of your business, the data you handle, and the security controls you have in place. Businesses with stronger security postures generally qualify for better rates.

No, in almost all cases. Commercial general liability insurance covers bodily injury and property damage. A data breach or ransomware attack is a digital event, not a physical one, so a standard CGL policy will not respond. You need a standalone cyber liability policy to cover cyber-related losses. Always review your existing policies with your broker to identify any coverage gaps.

Implementing strong security controls before you apply can improve your eligibility and may reduce your premium. The most impactful steps are enabling multi-factor authentication on all accounts, conducting employee phishing awareness training, maintaining offline data backups, having a written incident response plan, and keeping all software and systems patched and up to date.
