HALIFAX – Nova Scotia’s largest electric utility says it has fallen months behind in paying contractors and suppliers because of a sophisticated cyberattack in March.
Nova Scotia Power spokeswoman Jacqueline Foster apologized on behalf of the utility today, saying invoices are being paid but progress has been slow.
Foster says dozens of additional staff have been brought in to speed up the payment process, which has involved extensive manual work and establishing workarounds to get the job done.
She says all of the invoices should be paid before the end of the year, but she did not say how much money is owed.
According to CBC News, some contractors are owed hundreds of thousands of dollars.
In September, the privately owned utility revealed that all of its ratepayers may have been affected by the cybersecurity breach.
MONTREAL – Public hearings into $500 million in cost overruns at Quebec’s auto insurance board have wrapped up.
Commissioner Denis Gallant has until Feb. 13, 2026, to submit his report with recommendations to the provincial government.
Premier François Legault launched the inquiry after a February report by the province’s auditor general revealed cost overruns of at least half a billion dollars in the creation of the online platform known as SAAQclic.
The botched 2023 rollout of the platform led to major delays and long lineups at insurance board branches, where Quebecers take road tests, register vehicles and access other services.
Legault had testified that he was kept in the dark about the cost overruns and laid most of the blame for the scandal on the leaders of the state-run corporation.
Éric Caire was forced to step down as cybersecurity minister following the explosive auditor report, and Quebec’s anticorruption unit has opened an investigation into possible wrongdoing.
TORONTO – Shoppers who made online purchases through Canadian Tire Corp. Ltd. may have had their personal information compromised.
The retailer said Monday that it identified a data breach on Oct. 2 involving information stored in its e-commerce database.
The breached information belongs to shoppers who had an e-commerce account with Canadian Tire or its other banners, SportChek, Mark’s/L’Équipeur and Party City.
The data included names, addresses, emails and birth years as well as encrypted passwords and in some cases, incomplete credit card numbers. The credit card information that was available was akin to what would appear on store receipt, Canadian Tire said.
The full dates of birth for fewer than 150,000 account holders were also part of the breach. Those customers whose additional information was involved will be contacted and offered credit monitoring from TransUnion Canada, Canadian Tire said.
The breached information did not include Canadian Tire Bank or Triangle Rewards loyalty data and was not enough for anyone unauthorized to access accounts and make purchases, the retailer said.
It added that the incident did not impact its ability to facilitate in-store transactions and its e-commerce systems are operational.
Since discovering the breach, Canadian Tire said it has resolved the vulnerability and is working with experts to improve security.
“All of our websites and systems continue to be monitored closely by internal teams and external cybersecurity experts,” the retailer told customers on a web page set up to provide information about the breach.
“There is no indication of any ongoing unauthorized activity.”
The company told customers that if they do not receive an email from TransUnion Canada on behalf of Canadian Tire, they don’t need to take further action.
However, it reminded shoppers that it is always a good practice to use strong, unique passwords, avoid reusing passwords and enable multi-factor authentication.
“If you notice anything suspicious, contact your financial institution and report any fraud to police,” Canadian Tire said.
Statistics Canada data show the number of police-reported cybercrimes in the country hit 92,567 last year, up from 65,141 in 2020. Fraud alone made up 46,301 of those crimes, while identity theft accounted for 957 and identity fraud 4,283.
Experts have long said cybercrime is under-reported because of the stigma and embarrassment that can be associated with being scammed.
Cybersecurity issues have been reported in the last year at Nova Scotia Power, the College of New Caledonia in Prince George, B.C., and PowerSchool, the maker of education software used by many schools.
Graham Haigh, former senior vice president and chief operating officer (West) at Wawanesa Insurance, has been appointed to ProNavigator’s strategic advisory council.
ProNavigator is an AI-enabled knowledge management platform for insurance.
Haigh retired in June after a more than three-decade career in insurance — specifically in carrier operations and underwriting leadership. He spent more than 16 years as an executive at Wawanesa.
“Graham’s addition to the Strategic Advisory Council ensures we remain closely aligned with the challenges and priorities of operational leaders across the industry,” says Joseph D’Souza, CEO of ProNavigator in a press release.
In his new role, Haigh will support the platform’s growth strategy and engagement with insurers across North America. ProNavigator’s AI platform centralizes wordings, underwriting guidelines, and operational procedures into a single source.
“ProNavigator helps insurance professionals work smarter, providing faster responses, clearer communication, and more personalized advice, creating a more modern experience for their customers,” says Haigh. “I’m excited to help guide Joseph and his team in their next phase of growth and customer impact.”
“I can still offer some pretty relevant insights to younger people in the business,” he added. “One interesting thing [is watching] how people in the industry interact with artificial intelligence…It doesn’t matter what vertical you’re in. If you use it effectively, you’re going to find ways to improve productivity.”
Canadian small- and medium-sized business owners may “dangerously underestimate” the likelihood and complexity of a cyber breach, says a new survey commissioned by Insurance Bureau of Canada (IBC).
Despite cybercrime hitting a global all-time high, fewer than half (48%) of 308 respondents representing small and medium-sized enterprises (SMEs) believe their business is vulnerable to a cyberattack or data breach, IBC says in an Oct. 1 press release.
In fact, only 6% of respondents strongly agree there is a chance their business is vulnerable to a cyberattack or data breach, IBC says, despite research from Business Development Bank of Canada indicating 73% of small businesses have experienced a cybersecurity incident.
About two-thirds (66%) of respondents, which includes Canadian business owners and decision-makers who work at companies with up to 500 employees, say they are confident in their business’ ability to withstand a data breach or website shutdown. “These findings suggest that most SMEs may not fully understand the true impact and cost of recovering from a cyberattack.”
Other key survey findings include:
Only 47% of respondents say their business is prepared for a cyberattack or data breach
Nearly seven in 10 (69%) of respondents express confidence in their understanding of emerging cyber risks
Fewer than half (48%) have implemented any form of cyber defence
Just 22% carry cyber insurance, and only 12% have a dedicated standalone cyber insurance policy.
“Cyber threats can lead to serious financial and legal issues for SMEs – issues that regular business insurance often doesn’t protect them from,” says Mahan Azimi, IBC’s director of catastrophic and emerging risk policy.
“Responding to an attack may require hiring experts like forensic investigators, lawyers and public relations professionals, which can be extremely costly for businesses that don’t have dedicated cyber insurance. A standalone cyber policy can also help cover costs associated with lost income, recovery efforts and legal liabilities,” he adds.
Business owners are growing more concerned that artificial intelligence (AI) and other new technology will make it harder to protect themselves against cyber risks, the latest survey finds. Concerns rose from 65% of respondents in last year’s survey to 72% this year. Still, only 45% say they have policies and training in place to help employees spot AI-generated scams.
Another finding is that 27% of respondents indicate they are concerned about potential lawsuits stemming from a cyberbreach. “As businesses increasingly rely on vendors, cloud services and outsourced IT providers, third-party cyber risk is becoming a major vulnerability — potentially leaving small business owners liable if a vendor breach compromises customer data,” IBC says.
To help SME owners understand the impact of cyberattacks and how insurance can support recovery, IBC developed a free cyber insurance guide and resources. The guide explains coverage details, offers protection and recovery tips, outlines the insurance application process and shares resources to boost cyber resilience.
“A cyber breach is not just a compromised website or lost data; it’s a business crisis that can impact your reputation and harm anyone whose data you may hold,” Azimi says. “Cyber insurance helps ensure that when the worst happens, you’re not facing it alone.”
Restoration contractors are flagging their inability to reach customers during catastrophe response as an industry-wide problem — but there are a few simple fixes, one of which is already being used by banks, experts tell last Friday’s Canadian Independent Adjusters’ Association (CIAA) Canadian Claims Summit.
Isabelle Babineau, VP of strategic accounts at Paul Davis Restoration, says only 30% of customer files contain more than one method of communication — and that’s usually a home phone number.
In some Cat situations, having only one communication method on hand — especially a landline — may not be enough.
“During the most recent Ontario ice storm that happened earlier this year…we found…there were a lot of remote properties, a lot of cottages. People either weren’t there, or their [phone] towers were down,” she says during a panel discussion on climate change and NatCats.
“There was no power and some of them didn’t even have cell phones. So we found that the communication was a little bit difficult,” she says. “We actually even had to go a bit old-school, depending on the property, to knock on doors and leave a business card, because we couldn’t get in touch with anybody.”
Babineau adds…“One of our asks is [for] more information.
“Homeowners are expecting us to communicate with them very quickly after they’ve contacted their insurance company,” she says. “It’s setting expectations, especially in a Cat situation, where we’re likely not going to get on site within an hour.”
Lessons from the banks
Beyond capturing multiple methods of communication from insureds, there’s a customer communication approach that’s already being used by banks.
A callback service, deployed by banks when customers phone for help, lets customers register a request to speak to a representative at a later, convenient time, instead of having to wait on hold for someone to answer.
“I recently called a bank for something routine, and it was interesting — [selecting] something as simple as when you want to be called back,” says Javier Ibanez, director of sales and marketing at Accomsure.
“I’m not thinking that’s radical technology, but the idea is radical of someone saying to you, ‘We’ll call you back at your convenience.’ Something as simple as that could be embraced by our industry,” he says.
And since many insureds work 9-to-5 hours, they may not always be available during the industry’s working hours. Giving insureds multiple communication options can make them more satisfied with response times during Cats.
“We have to be consistent with our message to the insureds,” adds Roger Leclerc, Cat manager at Laurin Adjusters.
“We fail to set that expectation correctly. During the Cat, maybe you won’t be able to get back to the person for two hours. Maybe you won’t be able to get back to them for a week. Maybe they won’t hear from their contractor for another two weeks. If we set [communication] expectations every single time, we limit the amount of complaints that we’re going to get back to the insurer…and us as managers.”
Costly repair and replacement costs are driving auto insurance rates higher for electric vehicle (EV) owners, says a new report from rate aggregator Surex.
“Electric vehicles have lower maintenance costs than gas vehicles, but that gets offset by a significantly higher insurance price,” says Matt Dillon, the company’s executive vice president of national operations. The study notes maintenance costs are muted by the fact that EVs contain fewer moving parts than gas-powered cars; plus, they don’t require oil changes, spark plug replacement, or transmission work – all of which increase lifetime upkeep costs.
“The average cost to insure a gas car annually in Canada in 2025 is $2,289.27, while for an EV, that number is $3,131.43,” says the report, which finds the average electric vehicle in Canada costs 36.8% more to insure than a gas-fuelled counterpart.
Comparing insurance costs
The company says it reviewed hundreds of thousands of insurance quotes for both electric and gas vehicles over the past 12 months. Across Canada, it found electric vehicles more expensive to insure, with some differences among provinces that can be attributed to vehicle and driver mix. Some examples:
EV Average
Gasoline Average
Alberta
$3,342.93
$2,344.19
New Brunswick
$2,769.36
$1,704.76
Nova Scotia
$3,009.30
$1,608.95
Ontario
$2,932.72
$2,464.18
A key driver of high EV insurance rates is the increased risk of totalling an automobile following an accident. This happens more frequently because even minor damage to an EV’s battery can lead to replacing the entire unit – a repair that runs as high as $50,000, according to Surex’s report.
“Sometimes it makes more sense to just pay for a new vehicle entirely than to wait to order a new battery, pay for that battery and then have it installed,” says Dillon. “Gas cars are much more likely to come out of an accident only requiring individual parts to be replaced or repaired, at a far lower cost.”
Infrastructure build-out
Surex’s study notes another challenge for EV owners is available charging infrastructure, as well as a scarcity of trained repair technicians relative to gasoline-powered vehicles. The latter “can increase repair costs due to specialized labour and potentially longer wait times,” the study says.
Charging infrastructure installation does appear to be moving at a good pace. In an Oct. 2 press release, SureCharge Corp., an operator of public charging stations, says it will be adding 24 high-speed public charging sites in Alberta and British Columbia.
“The new network will fill critical charging gaps along key travel corridors, linking northern, central, and southern Alberta with British Columbia,” the release says. It adds the charging network additions will use $4.7 million in funding from the Canadian government as part of Natural Resources Canada’s Zero Emission Vehicle Infrastructure Program as well as an additional $400,000 from British Columbia’s government.
“With this funding, Canadians traveling on Alberta and British Columbia highways will have access to more EV chargers where they need them most,” says Minister of Energy and Natural Resources, Tim Hodgson. “These chargers give peace of mind to current EV drivers and help address charging anxiety for those considering an EV purchase.”
Companies’ speed of artificial intelligence (AI) adoption, regardless of industry, remains one of the main risks associated with the technology, says Sam Chapman, CFC’s Canada technology team leader.
A recent global survey of 500 companies conducted by Centiment for CFC found 79% of businesses already use AI in some capacity, with most planning to use the technology more in coming years. At the same time, only 32% of businesses are confident their current insurance policies address AI risks adequately.
“I think that’s kind of to be expected when we’re seeing the adoption of this kind of technology so rapidly…for relatively little amounts,” Chapman says. “I think people are feeling like they have to utilize it to remain relevant in their sector versus their competitors.
“It’s that rate of adoption which generally causes that concern; that lack of understanding that goes behind it that potentially causes us concern, especially over the last 12-to-24 months, [where] everyone dipped their toe into the AI sector.”
Like other sectors, professionals in the Canadian P&C insurance industry are applying AI to their operations. For example, Canadian Underwriter heard during the recent RIMS Canada Conference in Calgary that enterprise risk managers face being outpaced by competitors if they don’t move quickly to adopt AI.
The problem is traditional risk management frameworks, with lengthy procedures and strict oversight, can clash with the speed at which AI is evolving.
“If you try and apply standard risk management frameworks and procedures, you’re going to stifle innovation,” Paige Cheasley, national technology practice leader at Gallagher, tells CU at the conference. So, risk managers have overcome this by creating minimum frameworks, requirements and safeguards “to make it so that they can quickly try, fail, or try different AI initiatives…and then implement them.”
AI insurance
From an insurance industry perspective, the good news is there are insurance policies that cover AI-perpetrated cybercrime, such as AI-generated deepfake videos, CU has heard. There are also AI solutions to identify deepfakes through things like errors in pixelation, Chapman adds.
So how can your clients’ employees recognize AI-generated scams or deepfakes?
Although deepfakes are getting better, there is “still an element of lag” to them, Chapman says, adding he doesn’t believe this is going to be an issue for much longer. Another potential red flag is things like unusual tones or the manner in which somebody is speaking.
Besides speed of adoption, another important consideration for the industry is privacy.
For example, when insurance professionals rely on AI-generated recommendations without fully understanding how those outputs are produced, they risk breaching their duty to provide informed and transparent advice, says Jaime Cardy, a senior associate at Dentons Canada LLP.
“There are risks that the use of AI tools may contravene insurers’ privacy obligations and/or undermine clients’ privacy rights by processing clients’ personal information in a manner that is not aligned with customer consents or otherwise required or permitted by law,” she says.
Cardy also recommends using disclaimers when customers are interacting directly with AI.
Disclaimers should be clear, concise and transparent, she says. The specific language will depend on the situation, but in general, Cardy says a disclaimer should:
Identify that the customer is interacting with AI, address any limitations (e.g., the outputs may not always be accurate or complete)
Inform the customer how their information or inputs may be used and stored (e.g., direct them to the relevant privacy notice), and
Offer an escalation option/a human alternative for sensitive matters or for customers who are not comfortable interfacing with AI.
“Where opt-out or escalation options are not legally required, they may still be advisable from a customer trust and service perspective,” Cardy says. “Jurisdiction-specific statutory notice requirements should also be considered.”
Enterprise risk managers face being outpaced by their competitors if they don’t move quickly to adopt artificial intelligence (AI).
Yet, traditional risk management frameworks, with lengthy procedures and strict oversight, can clash with the speed at which AI is evolving.
“If you try and apply standard risk management frameworks and procedures, you’re going to stifle innovation,” says Paige Cheasley, national technology practice leader at Gallagher.
“The risk would be, if it takes you six months to vet something like an AI project that you want to do, it’s possible [it will be] obsolete by the time you launch it,” Cheasley tells Canadian Underwriter at the RIMS Canada Conference in Calgary. She spoke in a RIMS session on artificial intelligence and cyber risk, and caught up with CU to discuss the highlights.
The fast speed of AI development requires risk managers to adapt their risk management tools to reap the benefits without failing or falling behind, she says.
Four steps to embracing AI
There’s a fine balance between moving too slowly to bring AI into your business and applying so much caution that your tool lacks the chance to improve.
“If you’re not going to get on board, you’ll fall behind. So [risk managers] have to [overcome] this by [creating] minimum frameworks, requirements and safeguards to make it so that they can quickly try, fail, or try different AI initiatives…and then implement them,” says Cheasley.
There’s a four-step outline companies can use to adopt third-party AI platforms effectively while moving quickly.
Step 1 is the identification phase. Risk managers must identify what the AI will be used for and equip staff with risk identification tools that make them aware of their AI risks.
“It’s twofold,” Cheasley says. “You can give them some awareness [of what to] watch out for, but also you get a sense of what they’re wanting to do, and then you can keep track to see if they they’re advancing with it.”
Next is the test and pilot stage.
Risk managers should “fast track AI pilot vetting so that they can quickly test and possibly fail or not, because there’s a high failure rate as well,” Cheasley says.
(Specifically, an MIT study found internally built AI solutions experience a failure rate three times higher than third-party AI adoption. That’s because companies try to avoid friction in their proprietary AI processes but inadvertently create a product that hasn’t experienced live issues that require management. When issues do arise, the AI fails to adapt.)
If the third-party AI needs to be implemented fast, risk managers will need to pre-establish their rules of engagement.
“[Are] you using it to help you write nice-sounding emails, or are you using it to diagnose X-rays? It depends on what you’re doing with it. You have to think about, from an insurance perspective, is it creating a new exposure for you?” Cheasley poses.
Step 3 is the development and implementation stage. Here, risk managers should ensure any agreement with their third-party AI contractor is ironclad and includes performance monitoring metrics.
“There’s that risk transfer contractually to the vendor, which gives more comfort to the underwriters,” Cheasley says.
Step 4 is continuous monitoring.
“AI is changing so quickly and advancing so quickly that something you’re thinking of now and concerned about now may not be a problem soon or [may become] a much bigger problem soon,” Cheasley says.
But risk managers can plan to mitigate future problems through “continuous monitoring and watching the evolution of your model,” says Cheasley, alongside “human oversight, proper safeguards, making sure your agreement with the vendor is very clear on who owns what, who’s data is where and what’s happening with [it].”
Doing that enables risk managers to protect themselves and their business, “and give…some sort of recourse against them if it’s not working as it should, or they’re not managing those risks that they’re supposed to be managing on your behalf.”
How do insurers determine fault in accidents involving cars that rely at least in part on autopilot systems?
Answering that question is harder in the wake of a recent $242.5 million civil verdict in Florida, which found an autopilot feature was partially responsible for a fatal 2019 collision involving a Tesla, says Adam Mitchell, CEO of Mitch Insurance.
Plus, a recent lawsuit by Tesla shareholders alleging the vehicle maker concealed some risks of self-driving systems only adds to the confusion. The Tesla shareholders’ allegations have not been proven in court. Elon Musk, Tesla’s CEO, has dismissed the allegations, saying the car’s safety metrics are better when the Autopilot feature is engaged than when it is not.
In the meantime, no regulatory frameworks or questions on standard insurance applications exist to help brokers or carriers determine whether a client, or prospective client, will regularly use autopilot when driving high-tech electric vehicles (EVs), Mitchell says.
“Right now, in our regulatory framework, there’s only one policy, and the only mechanism [insurance providers] have is to increase prices or decrease [prices] based on risk,” he tells Canadian Underwriter. “Insurance companies are going to be waiting for these things to prove-out. Are there fewer accidents, less severity, and does that offset the increase in distracted driving or the increase in people not paying attention?”
Another factor affecting premium-setting is recognition of EVs’ tendency to catch fire following serious crashes. Those fires, caused by a phenomenon called thermal runaway, tend to result in total losses for the vehicles and can lead to fatalities.
“They need to actually be cordoned off well away from other things, because the fire is so intense,” Mitchell tells CU.
Ultimately, he suggests auto manufactures may have to become the purchasers of insurance coverage because the courts are deeming them liable.
“That means they have risk. And with any risk, you either self-insure or…try and transfer the risk over to an insurance company for cost,” he adds.
“Everything’s available for a certain dollar. Sometimes the cost is one-to-one, and there’s actually no savings for the risk transfer. But somebody will be willing to take this risk.”
Or, it’s possible additional jury verdicts will follow the Florida civil lawsuit, including an ongoing appeal of that verdict, and eventually create precedent. Depending on how that goes, it could mean an untenable amount of risk and liability will be put onto auto manufacturers.
“If you [don’t] want to expose yourself to something, just leave all the liability where it [already] sits – with the person making the bad decision,” says Mitchell. “Don’t expose yourself to a place where you can incur more liability.”
“Do these vehicles ultimately become uninsurable because of all the tech?” he asks. “Do insurance costs…go so [far] through the roof that all of a sudden getting a [Mazda] Miata – there’s no tech…no confusion about driver liability – becomes really attractive? A cheap car that’s cheap to run [and] really cheap to insure.”
