Cyber Insurance Ready

43% of Canadian cyber insurance claims are denied.Here is why — and how to protect yourself.

Cyber insurers deny claims when businesses had poor security at the time of breach. Guardlyne identifies and helps you fix those gaps before you need to make a claim.

Check your insurance readiness free

The most common reasons cyber claims are denied in Canada

No multi-factor authentication

Insurers expect MFA on email, remote access, and financial systems. If you were breached through an account without MFA, many policies exclude coverage entirely.

No DMARC email authentication

DMARC prevents criminals from sending emails pretending to be you. Without it, your domain is unprotected. Insurers increasingly require it as a condition of coverage.

Backups not tested or not isolated

Having a backup is not enough. If your backup was encrypted by the same ransomware attack, it is useless. Insurers want to see tested, isolated backups.

No incident response plan

When a breach happens, what do you do in the first 72 hours? Without a plan, businesses make costly mistakes. Insurers use the absence of a plan to reduce or deny payouts.

Known vulnerabilities not patched

If a breach exploited a vulnerability that had a patch available, insurers can argue the breach was preventable and reduce their liability.

Misrepresentation on the application

If you said you had security controls that you did not actually have, the insurer can void the policy entirely — even for unrelated claims.

What Canadian cyber insurers look for in 2026

The minimum security baseline most insurers now require for SMB coverage

Multi-factor authentication

On email, remote desktop, financial systems, and admin accounts. Non-negotiable for most insurers.

Guardlyne: Identity & Access module

DMARC email authentication

Prevents domain spoofing. Insurers check this directly on your domain before quoting.

Guardlyne: Email Security module

Tested backup and recovery

Backups must be isolated from the main network and tested for restorability.

Guardlyne: Backup & Recovery module

Incident response plan

A documented plan for what to do in the first 72 hours of a breach.

Guardlyne: Incident Response module

Endpoint protection

Managed antivirus and device management across all company devices.

Guardlyne: Endpoint & Device module

Security awareness training

Staff trained to recognise phishing at least annually.

Guardlyne: Human Risk module

Privileged access management

Admin accounts separate from daily use accounts. Least-privilege access enforced.

Guardlyne: Identity & Access module

Vendor security review

Third parties with access to your systems reviewed for security posture.

Guardlyne: Vendor Risk module

PIPEDA compliance

Canadian privacy law compliance. Breach notification process documented.

Guardlyne: Canadian Compliance module

How Guardlyne makes you insurance-ready

01

Scan your environment

Connect Microsoft 365 in 60 seconds. Guardlyne automatically checks all 9 controls insurers look for — no manual questionnaire needed.

02

See your insurance readiness

Your dashboard shows an insurance ready or not insurance ready status with specific gaps identified. No surprises at renewal.

03

Fix what matters most

Plain-English fix list prioritised by what insurers care about most. Each fix includes estimated time to complete.

Common questions about cyber insurance

Does a Guardlyne grade guarantee my insurance claim will be paid?
+
What security controls do cyber insurers actually require?
+
How much does cyber insurance cost for a Canadian SMB?
+
What is the difference between a cyber insurance claim and a general liability claim?
+
How does Guardlyne help at renewal time?
+

Are you insurance ready?

Find out in 60 seconds. Connect your Microsoft 365 and get your insurance readiness status — free for 14 days.

Check your insurance readiness free

14-day free trial · No credit card · Canadian data residency

For brokers: See how Guardlyne works for your brokerage →