Cyber risk dominates
28% selected cyber risk – data breaches, criminal threats and widespread outages – as their top risk concern, up from 31% in 2025.
Cyber risk is now the number one threat concern of Canadian executives. What was once seen as an IT problem has become a serious business risk, with the potential to disrupt operations, damage reputation and spread across supply chains with lasting impact.
Our tracking of Canadian-based executives shows strong concern about cyber risk, but also high confidence in existing resilience measures. Many believe they would recover fully - financially and reputationally - after a cyber incident. In reality, this confidence is likely to be misplaced.
Cyber criminals are increasingly using AI driven tools to run fast, large-scale phishing and reconnaissance attacks. These automated systems exploit the connected nature of modern technology, making attacks quicker, smarter and far harder to detect or contain. As a result, cyber threats are escalating across economies, with less warning and greater consequences.
Resilience today must be built into everyday business planning, not treated as a one-off exercise. Organisations need clear, well tested business continuity plans that allow them to respond quickly and effectively to cyber incidents.
Planning should also consider the real cost of an attack. This includes understanding how much financial impact the business can absorb, what cyber insurance is in place, where cover may be limited, and where controls or processes have gaps. Without this clarity, recovery will be slower, more expensive and more disruptive.
Source: Beazley Risk & Resilience Surveys.
Risk perceptions show continued concern around cyber and disruption risk. Notably, cyber eases slightly this year - unlike in other regions where it continues to rise - while disruption risk increases and overtakes cyber. Technology obsolescence declines steadily, suggesting system upgrades are gaining traction. IP risk remains stable, pointing to sustained concern rather than escalation. Overall, this reflects shifting priorities rather than reduced risk.
Risk resilience confidence rises sharply across all technology and cyber risks. Perceived ability to withstand disruption, cyber threats, IP risk and technology obsolescence all increase year on year, reaching the mid to high 80s this year. This suggests strong confidence in preparedness, despite ongoing and evolving risk exposure rather than diminished threat levels.
Investment priorities reflect a focus on future-proofing rather than pure defence. A third are investing in new technologies such as AI, signalling growth ambitions, while cyber security and risk management investments sit slightly lower but remain material. A quarter are exploring insurance combined with risk and crisis management, highlighting increasing recognition of insurance as part of building active resilience.
This year risk concerns diverge between small and large firms. Small firms show higher concern around disruption and IP risk, suggesting greater vulnerability to operational shocks and intangible assets. Large firms remain more focused on cyber risk, where concern stays elevated. Technology obsolescence sits at similar levels, indicating shared pressure to keep pace with change.
Preparedness gaps between Canadian small and large organisations are modest. This year, both report high confidence across most risks. Small firms often match large organisations perceived preparedness, except for IP risk, where larger firms show greater confidence, highlighting the role of scale in IP resilience.
Anticipated cyber attack impacts are broadly similar for small and large Canadian firms. Large organisations are more concerned about long-term business disruption and reputational damage, while smaller firms place slightly greater emphasis on third party liability and management time. Data loss and regulatory costs are seen as equally significant by both groups.
Cyber risk concern and preparedness attitudes vary significantly by sector. Tech, Media & Telecoms show the highest concern alongside strong preparedness. Financial Institutions & Professional Services report lower concern but very high readiness. Overall, preparedness consistently exceeds concern, though gaps are more evident in Hospitality and Construction related sectors.
Planned resilience actions vary by sector. Tech, Media & Telecoms lead investment in cyber security and emerging technologies, particularly AI. Manufacturing also prioritises cyber security and AI, while Energy sectors are focusing more on risk management services. Hospitality shows comparatively lower cyber investment but greater interest in insurance led support.