Inside a cyber incident: What really happens and how to respond
Jean Fong, 2025-12-03
Cyberattacks aren’t a distant threat – they’re happening every day to businesses of all sizes. But they don’t have to be catastrophic. With a clear plan and swift action, you can minimize the impact and emerge even stronger.
Associate Member Acera Insurance shares some practical strategies to help our members prepare, respond effectively, and build resilience for the future. Learn about the lifecycle of an attack – from the first point of entry to the financial and legal fallout – and actionable strategies for recovery and long-term resilience. From understanding who’s behind today’s attacks to building a tested incident response plan, here’s what you need to know.
Who’s driving today’s cyber threats?
Cybercrime is no longer just the domain of lone hackers in basements. Today’s threat actors are highly organized, well-funded and increasingly strategic in their approach. Understanding who they are and what motivates them is essential for building effective defences. Here are the top and emerging players shaping the modern threat landscape:
Nation-states
State-sponsored groups focused on espionage, infrastructure disruption and cybercrime to fund regimes.
Organized crime syndicates
Criminal enterprises that operate like businesses and are often behind ransomware, financial fraud and large-scale data theft.
Lone hackers
Independent actors using dark web tools for opportunistic attacks.
Hacktivists
Ideologically motivated attackers targeting organizations to advance political, social or environmental causes.
Where are the weak spots?
Attackers rarely storm the gates – they slip through cracks in everyday systems and processes. These vulnerabilities are not only common but increasingly sophisticated, making them prime targets for exploitation. Here are the most frequent and emerging entry points organizations need to watch:
Phishing attacks
Phishing is still the leading tactic for stealing login credentials. Spear phishing emails and fake login portals are commonly used together.
Cloud vulnerabilities
Data has increasingly shifted to the cloud, with many small businesses relying on Microsoft 365 and Google Workspace. Cloud environments face 30 times more attacks than on-premises systems.
Brute force attacks
Password guessing remains effective where multi-factor authentication (MFA) isn’t enabled – a persistent gap that can be easily addressed.
Adversary-in-the-middle (AiTM)
A growing threat: even MFA can be bypassed through login session hijacking. These types of attacks are also often initiated through phishing and fake login portals.
Email redirection and payment fraud
Attackers manipulate email flows to redirect payments from vendors and exploit internal payment processes to siphon funds.
Vulnerable edge devices
Firewalls, routers and other network hardware are prime targets if not patched or properly configured.
Unprotected endpoints
Any device lacking robust monitoring or endpoint protection can serve as an easy entry point.
The first 24 hours: Every minute counts
When a breach occurs, time is your most valuable asset. The first day sets the tone for recovery and can determine whether the impact is contained or spirals out of control. A clear, tested incident response plan is critical. Here’s what to prioritize immediately:
- Contain the threat: Stop further spread or access immediately.
- Preserve evidence: Avoid wiping logs and data that could be vital for investigation.
- Isolate affected systems: Disconnect compromised devices from the network.
- Secure backups: Ensure clean copies are protected and accessible.
- Engage experts early: Technical and legal teams should be looped in as soon as possible.
If cyber insurance is available, call your insurer’s hotline even if there’s only a suspicion of a breach so they can activate an incident response team and help clarify your coverage to avoid unexpected out-of-pocket costs. Additionally, key vendors to be engaged post-breach include digital forensics, legal counsel, public relations and notification services. Acting fast but in a planned, practiced way is essential.
Building resilience beyond prevention
Even the best defences can still be breached. Resilience is what keeps businesses afloat when prevention fails. A robust resilience strategy ensures you can absorb the impact, recover quickly and adapt for the future. Here’s how to make resilience part of your organizational DNA:
Maintain and test your incident response plan
Your incident response plan isn’t something you write once and forget. It should be a living guide that’s tested regularly (just like fire drills) so everyone knows their role under pressure. Include clear steps for containment, evidence preservation and communication.
Keep physical copies accessible
In a crisis, digital access may be compromised. Store hard copies of your incident response plan and cyber insurance policy in a secure but accessible location.
Educate key players
Ensure leadership, IT teams, legal counsel and other staff understand their responsibilities. Training should cover decision-making under pressure, escalation paths and vendor coordination.
Update regularly
Threats evolve, and so should your plan. Review and update your incident response strategy at least annually or after any major organizational change or cyber event.
Prepare for business interruption scenarios
Think beyond technical recovery. If systems go offline (e.g., VPN downtime for remote workers), how will you notify employees? How will you maintain operations? Build contingency plans for communication and continuity.
Resilience = Preparation + Detection + Response + Recovery + Adaptation
The cost of a breach
Cyberattacks carry a price tag that goes far beyond ransom payments. The financial, operational and reputational consequences can be severe and long-lasting. Here’s what organizations need to consider:
Direct financial costs
- Fees for third-party response vendors including forensic investigators, legal counsel, crisis communications and IT recovery teams.
- Ransom payments and fees for negotiation services.
- Fines and penalties from regulatory bodies for violations of privacy law.
- Litigation costs if legal action is taken by affected parties.
Indirect and operational disruption
- Business interruption (downtime that affects productivity and revenue).
- Recovery costs (resources needed to restore systems and operations).
- System fortification (post-breach upgrades to improve security).
Human impact
- Poor communication and uncertainty can damage employee morale and lead to turnover.
Strategic and competitive impact
- Innovation may stall as resources get diverted to crisis management and recovery.
- A breach can disrupt critical workflows and pipelines, delaying service delivery and project milestones.
Third-party consequences
- Partners may cut off access to their systems and networks until reassurances are provided, and may require audits or impose new standards before resuming collaboration.
- Contract renewals may be affected as partners seek to revise terms or conditions to address new risks and liabilities.
Final thoughts
As one of our experts puts it, you’re more likely to experience a cyberattack than a fire or flood. Yet many organizations still treat cybersecurity as an IT concern rather than a strategic imperative. That needs to change.
Technology alone won’t make your organization secure. Building resilience means embedding security into the fabric of your organization. More than just deploying tools, it requires a culture where every employee understands their role in protecting data and systems.
This means:
- Shared responsibility: Security is everyone’s job, not just IT. Make it clear that every click, password and decision matters.
- Regular awareness training: Keep staff informed about evolving threats and best practices. Short, frequent sessions work better than one-off courses.
- Clear communication: Policies should be simple, accessible and reinforced through everyday channels.
- Leadership commitment: When leaders prioritize security, employees follow. Visible support from executives signals that resilience is a business priority.
- Positive engagement: Frame security as enabling trust and continuity, not as a burden. Celebrate good practices and make reporting easy.
A strong security culture turns employees into your first line of defence against cyber threats.
—
This article is based on a webinar featuring an expert panel on cybersecurity:
- Matt Lewis and Patrick Curtin, Field Effect
- Calvin Engen, F12.net
- Imran Ahmad, Norton Rose Fulbright LLP
- Ashley Burdon, CFC Underwriting
- Aliya Daya, Acera Insurance
Article is provided by:
Rob Shearar is a Senior Client Executive, Commercial Insurance and Partner with Acera Insurance. He brings 20 years of specialized expertise in custom insurance and risk management solutions for manufacturing, wholesale and distribution and commercial property across Canada. Connect with Rob at [email protected] or 604.484.0208.
Mark Lee is Director, Commercial Client Care for the BC and Yukon offices of Acera Insurance. He brings more than 30 years of experience developing and structuring large, complex insurance and risk management programs, specializing in the manufacturing and technology sectors. Mark is a former board member of Canadian Manufacturers and Exporters BC and an active member of the Manufacturing Safety Alliance of BC. Connect with Mark at [email protected] or 604.484.4999.