Stay ahead!
Click a tag to get email alerts when we publish related content.
Cybercrime got personal: Why hasn't the advice?
Published on June 30, 2026
Every Canadian has heard the term cybercrime, but most dismiss it as an IT department worry.
Unfortunately, the thing that most commonly gets lost in conversations about cyber security or cybercrime is that the most effective attacks in the current landscape have almost nothing to do with technology.
Social engineering — the practice of manipulating people into doing something they otherwise wouldn't — is now the dominant threat for Canadians. Not malware. Not zero-day exploits. Not sophisticated intrusion techniques. A phone call. A text message. An email that looks exactly like the one your bank sends.
The numbers bear this out. According to the Canadian Anti-Fraud Centre's 2024 Annual Statistical Report, Canadians reported $638 million in fraud losses that year — and the Centre estimates those reports capture as little as five to ten percent of what is actually lost.
These attacks work not because Canadians are careless or naive, but because they are human. They exploit our familiarity, our trust, our urgency, our instinct to help, our fear of getting in trouble, and they do so with increasing sophistication.
The fraudster calling an elderly Canadian and claiming to be from the CRA isn't trying to hack anything. They're trying to scare someone into making a bad decision before they have time to think, and it works more often than it should.
Adding fuel to the fire is how accessible cybercrime tools have become. They are so easy to deploy at scale that targeting ordinary households has become routine. You don't need a sophisticated operation to run a phishing campaign or technical expertise to impersonate a bank, a government agency, or a panicked grandchild. You just need a template, a list of email addresses, and the reasonable expectation that if you cast the net wide enough, someone will bite.
This shift changes everything. If the attack targets a person’s trust rather than a system’s flaw, no technical defence answers it. No software patch fixes a moment of panic. No firewall stops a wire transfer the account holder sends willingly.
Instead, we need more awareness, better habits, and the kind of calm, informed guidance that people get from professionals they already trust, but where have all these professionals been?
A conversation the industry has been avoiding
Call it what it is: a blind spot. For years the people Canadians trust with their money — their advisors, their brokers, their financial planners — treated cyber risk as someone else’s file. That was defensible when the products were thin and the data thinner. It is not defensible now.
Things have changed. Professionals need to start thinking about what exposure looks like for their clients. Their investment account credentials harvested in a phishing scam. Their identity used to file a fraudulent tax return. Their aging parent wiring money to a scammer who spent three months building a fake relationship over the phone. Their small business email compromised resulting in a supplier making service or goods payments to a fraudster’s account.
These events can have devastating consequences for Canadians and without a cyber insurance policy, it’s unlikely they are covered for these types of losses.
The risks are real, and so now are the defenses. Knowing both is no longer optional — it's the job. An advisor who can't speak to a client's cyber exposure, and put real options on the table, is leaving a gap someone else will fill.
Any advisors worth their fee will not wait to be asked. They raise it first, sit through the awkward thirty seconds, and have the conversation before the fraud does. For many it could be their most important conversation of the year.
Cyber risk has grown up
Personal cyber insurance is no longer a novelty product. It is a legitimate, functional product covering losses that are now ordinary for Canadians. So, why does the average Canadian have home insurance, car insurance, life insurance, but almost nothing protecting them from the risk most likely to actually disrupt their financial life this year?
The question is no longer whether this coverage is relevant, it's why so few people have it and who is responsible for that gap.
The answer is threefold. Part of it is awareness. Part of it is the long-standing association of cyber risk with enterprise IT. And part of it is that the industry has not always made the conversation easy to start.
There is no excuse left for ducking the conversation. The products are better, the data is clearer, and clients are, frankly, already worried. And the true cost runs many times higher than anything Canadians actually report. Canadians already rank fraud and identity theft ahead of car theft, home break-ins and street crime on their list of fears. They are worried about exactly what they should be. The question is whether their advisors are.
Stay ahead!
Click a tag to get email alerts when we publish related content.