Cyber 2021: Unpacking the Industry’s Trends and Threats

Cyber 2021: Unpacking the Industry’s Trends and Threats

In a recent panel discussion, Trisura’s manager of professional solutions, Angela Feudo, shared insight about the cyber trends and issues the industry is facing today.

This interview is part of a special report published by Insurance Business Canada. You can read the full report here.

IB | How would you describe the state of the Canadian cyber insurance market? (Rates, capacity, coverage limitations, new buyers etc.)


Smiling woman with brown hair and blazer in front of buildings backdrop.AF | The cyber insurance market has, for the most part, continued to tighten over the last year. There have been numerous carriers who are reducing their capacity, increasing rates, restricting terms and implementing tighter underwriting controls. While capacity contractions generally are becoming more common, there has been a focus on limiting network extortion. There continues to be an increased number of ransomware events, which has led to this response from the market. As both the frequency and severity of claims have increased, the rates have also increased significantly to compensate. There has been a greater focus from insurers on their clients’ cyber risk management and security awareness.  An increase in cyber security awareness and risk management will ultimately be beneficial for everyone. The awareness in cyber attacks has also brought an increased interest in cyber insurance. We are seeing more requests for cyber insurance from first-time buyers as ransomware attacks are no longer viewed as just a large organization concern. Smaller companies have become acutely aware that they too can be targeted.

IB | Ransomware is arguably the hottest topic in cyber insurance today. How have you seen the ransomware threat evolve in recent years, and where do you see this challenging risk headed?
AF |
Ransomware has increased in the number of companies and type of companies being compromised. Ransomware as a service has allowed for an increase in the number of individuals that can launch a ransomware attack. Threat actors no longer necessarily need to be a technically skilled hacker to deploy ransomware because it is now more accessible than ever to utilize. Individuals and organizations have become more cyber savvy in their defences against cyber criminals, and many have concentrated efforts and resources in creating, maintaining and encrypting backups, as well as focusing on their restoration processes. Due to these efforts and, in the event that files were corrupted, companies didn’t necessarily have to pay the ransom. Threat actors have moved to engaging in double extortion, meaning that the hackers would threaten to release private information if the organization doesn’t pay. Threat actors are also using distribution denial of service [“DDoS”] attacks as well on their victims to put pressure on them to pay the ransom. Hackers have expanded ransomware into a business model will use the best method against the victim. This can include encryption, DDoS or releasing of private information to cause the most disruption.

IB | Which industries are most exposed to cyber risk, and are these industries buying cyber insurance?
AF |
Any individual and organization that uses the Internet is exposed! Some industries and businesses, however, may be at a higher risk. Historically, the focus has been on healthcare, government, utility companies, schools and financial institutions. This has not changed; today, these industries continue to be at a higher risk, for different reasons. The health care industry has many older legacy systems that go unpatched. That, coupled with holding patient records, makes them an attractive target. Government, financial institutions and universities also hold a lot of confidential information. The larger organizations in these industry groups have been buying cyber insurance for years. Now, the smaller companies are also purchasing cyber insurance more regularly. We have also seen an increase in claims in the manufacturing, professional services and construction spaces. While there has been an increase in cyber purchases in these additional spaces, there are still a lot of companies who still do not purchase cyber insurance.

IB | How does the hardening market impact insurance brokers? What must they do in order to navigate this market successfully and secure the best solutions for their clients?
AF |
The hardening cyber market has created additional challenges for brokers. With markets reducing capacity, it has left brokers looking for replacement markets for those towers. It is now even more important for underwriters to clearly communicate their appetite to brokers, so they know who might be a viable option for their clients. Cyber is no longer just privacy based; for example, the exposure that a manufacturer has versus that of a law firm is very different. It is critical that insurers understand their client’s exposure in order to develop a trusted advisor relationship with their client. It is important for brokers to stay on top of emerging cyber threats, as this will enable them to educate their clients on where the exposures are. A lot of markets are asking for more underwriting information; understanding where potential exposures lie allows markets to get ahead of risks and be proactive in preparing the necessary increased security measures. The better controls a company has in place, the more likely they will be able to obtain better terms. Better controls are beneficial for the client, as their systems will be better protected from exposure. With the evolving digital landscape, it can be difficult to stay on top of the market, particularly if you are not a cyber specialist. Finding a specialist you can trust to help navigate the market will help.

IB | What are the most common cybersecurity attack vectors and breach methods?
AF |
We are still seeing a lot of losses arising from either weak or compromised credentials. Usernames and passwords continue to be exposed in data leaks and phishing scams. When this type of information is stolen or lost, the cybercriminals can easily access the company’s systems. If an employee uses the same password for both personal and business systems and the individual’s password gets compromised on their personal device, the hacker can use this opportunity to hack into the company’s system. Having good password hygiene, using multi-factor authentication or even biometrics can help combat this risk. Phishing continues to be a common method used by hackers, likely because it works. Cybercriminals are expanding on the methods they use in phishing; for example, during the pandemic, we’ve seen phishing scams where criminals are imitating health organizations or use the guise of providing relief money. Continued employee training, phishing tests and employing the principle of least privilege for access in systems can help with combat this risk.

It is important to also note that not all threats come from humans. Unpatched applications and servers are also a common vulnerability that can leave systems open to attacks. A good example of this is the January 2021 Microsoft Exchange Server attacks, which affected over 200,000 servers. Although patches were released by Microsoft in March, they did not retroactively remove any backdoors that might have been installed by hackers. Implementing software updates and installing patches as soon as they are available can help mitigate these vulnerabilities.

IB | In the growing threat landscape, what are some best practice cyber risk mitigation tactics that all companies (large and small) should implement?
AF |
Cyber risk for both individuals and businesses has continued to increase since the inception of the internet. This will only continue to increase over time as we become more connected to the internet and cybercriminals find new ways to take advantage of vulnerabilities. Companies of all sizes are vulnerable to cyber attacks and they should be taking steps to help mitigate those exposures. Human error still remains one of the top factors in cyber breaches, and so, employee awareness training is key to help combat this risk. Multi-factor authentication is becoming a standard security measure that all companies should implement because it improves a company’s security by adding an additional step that a cyber criminal would have to breach to gain access to a company’s system. Employing a patch management process allows you to keep your software functioning properly and maintain good security posture. Being up to date with the most current security fixes to combat any known vulnerabilities in the software. Businesses should also have a current record management system, keeping only records the company needs and getting rid of old data that is no longer useful. If you hold the record, you will need to protect it. If all else fails, it will be useful to have current back ups of important data. Back-up strategies will be different for each company, but the data in the back ups should be current, encrypted and stored securely off-site.

IB | How has the COVID-19 pandemic impacted the cyber risk landscape?
AF |
Since the COVID-19 pandemic started we have seen cyber criminals take advantage of people working from home. A lot of businesses did not have systems or the security designed to accommodate the majority of their staff in a work-from-home scenario. As a result, there has been an increase in phishing attacks and malware. Typically, devices at home are less secure, so multi-factor authentication, a focus on employee training and remote incident response plans are critical. COVID-19 has broadened out the cyber attack surface for cyber criminals to take advantage of due the increase in employees working from home. Many businesses realized the increase in exposure and invested in IT and additional cyber controls to help manage this risk. It is also important to look to the future of post-pandemic business models. It is expected that more businesses will allow for a more flexible workplace; whether that be a full work from home model or a hybrid that could include desk sharing. Technology, security and employee awareness training plans will need to be updated to ensure the best cyber security hygiene is in place for an organization. It will also be important to refresh the organization’s incident response plan to include how the company is currently conducting their business and where their employees are located.

IB | What cyber risks are lurking on the horizon?
AF |
Cybersecurity staffing shortages is a concern for businesses and the insurance industry. As the number of attacks grow and the demand for cybersecurity professional increases, there has been a continued decrease of cybersecurity staff. According to an article from CNN, there is approximately 3.12 million unfulfilled positions globally. With unfulfilled cybersecurity positions, businesses are more vulnerable to breaches. Cybersecurity is a global concern not only because hackers can reside anywhere in the world, but also because they can use other companies’ systems to breach yours by utilizing DDoS, MITM (man-in-the-middle attacks) and cryptojacking techniques. Cybersecurity should be a group effort against cybercriminals. Additionally, as 5G continues to expand (it is faster and can support more devices than traditional networks), it will increase the cybersecurity risk, as there is much more software being used in the network and, therefore, the attack surface has expanded. The increased speed of 5G, while beneficial to users, can prove to be a challenge for cybersecurity professionals. With its ability to support more devices, 5G will allow for more IoT devices. Not all IoT devices are manufactured with security in mind. With billions of IoT devices connected—all with mixed security levels—there could be potentially billions of breach points.

Return to Business: Preparing and Updating a Business Cash Flow Plan

Return to Business: Preparing and Updating a Business Cash Flow Plan

By Sara Ametrano and Victor Bandiera

 

 

Four stacks of coins increasing in height from left to right, with a jar full of coins at the end. A green upward-pointing arrow is on top of the piles.

Example image of financial increase.

To alleviate individual financial struggles due to COVID-19, the Federal government implemented the Canada Emergency Response Benefit (CERB) program. This initiative (currently in place until October 23, 2021) provides financial relief for eligible employers to cover a portion of their employees’ wages if their business was impacted directly by the pandemic. Now, as the country moves toward a sense of normalcy, resuming regular business operations and repairing the economy, the CERB program is ending.

 

 

What can you do to be ready?

If you’ve received financial support through CERB, putting a plan in place to resume business operations and generating profits is key. Part of your plan should include determining and updating your cash flow forecasts. Keep in mind there is a difference between cash flow forecasts and financial forecasts; where a financial forecast projects expected income over 12 months, a cash flow forecast is the actual cash activity (in and out) on a monthly or weekly basis.

 

Are cash flow forecasts necessary?

Yes. As you create a cash flow forecast, you must understand why the forecast is needed in the first place. History is littered with companies that were growing and making money but ran out of cash when they needed it the most. As your business shifts to growth mode, you will likely have a delay between doing work and getting paid, which could stress your balance sheet. Your cash flow plans are crucial for funding growth, so keeping your plan up to date and as accurate as possible rather than revisiting it on a reactionary basis is crucial. A surety and/or bank may also require this information, so having the figures and plan updated regularly allows you to easily provide any requested, relevant data.

 

Getting started:

To implement a cash flow plan, you need a clean starting point for your tracking period. Consider starting at a month-end, as you should have a good understanding of the current business financial state, including sub-ledgers for accounts receivables and liabilities such as accounts payable, held cheques after reconciling your bank accounts, contract bookings and other payments made.  The starting position gives something to balance to as well, which is very important. The cash flow forecast is usually 12 weeks at first, and then perhaps every month thereafter for a year.

Being organized is crucial for your plan. For example, revenue can be categorized by signed contracts, items still under negotiation or small fill-in work. Using these silos can help to identify various payment term differences, as well as separate any special payment terms like holdback receivables withheld monthly and released after contract completion, which usually results in large cash infusions.

Creating a chart in a spreadsheet could be useful to visualize projected and ongoing expenses and payments as well as any changes. Some things to highlight are sales assumptions:

  • Billing and collection assumptions for each contract
    • Separate the collection of accounts receivable and accounts receivable holdbacks
  • Cost of sales for each contract
  • The subcontractors who get paid when the business is paid by the client
  • Labour costs that are dependent on actual work performed and terms of collective bargaining agreements (if union) or employment/contract terms
  • Equipment costs (third-party rentals) or leases
  • Materials (some suppliers may permit deduction of holdbacks) and prompt payment discounts for early payment if cash flow permits

Many businesses require a bank operating line to help finance operations until payments from clients are received. The ability to access funds from the operating line will be based on the bank’s margining terms usually a percentage of current accounts receivables due within 90 days.

It will also be useful to identify items that cannot be deferred until the business is paid by the client. This list can include:

  • Payroll
  • Fuel
  • Equipment finance payments (interest and principal) or lease payments
  • Canada Revenue Agency payroll tax remittances
  • Workers compensation premiums and insurance premiums
  • Rent or mortgage payments

Cost items should be further broken down based on whether they are variable, fixed or discretionary. Variable items do not follow a set pattern but are dependent on production or sales such as sub-contractor costs or fuel. Fixed items, on the other hand, follow a regulated payment structure, such as rent and financing. Lastly, the discretionary category features costs that are a little “softer” and not directly associated with a specific contract but are still connected to its success, such as marketing.

Once you have completed your cash flow plan, remember to show the residual amount monthly and at end of the period. This is calculated by adding the starting cash balance to your receipts and payments allocated over the term. This might be a buffer over the period and can aid in considering a sensitivity analysis if things go better or worse than expected.

 

Determine workload:

Part of your preparations for resuming normal business operations should include taking inventory of current contracts. Is there an adequate backlog of work? What are the reasonable forecasted profits from the current contracts and estimated completion dates? Are there any current negotiations that may result in contracts being added to the backlog?

Highlight each contract and implement status checks weekly or monthly. Include the following information for each significant contract:

  • Re-forecasts of profitability (projected revenue and costs at completion)
  • Accounts receivable and accounts payable with segregated holdback
  • Any held cheques
  • The amount of remaining unbilled and unpaid work for each supplier/subcontractor
  • Resources required to complete work and their projected costs
  • Start and anticipated substantial performance dates, and therefore, holdback release date
  • Present aging of monthly accounts receivable to give you an idea of collection and payment schedules
  • Overhead: items not included in costs of sale or contract cost estimates; indirect operational costs (communications technology, supervisors, project managers, etc.); preventative maintenance costs and capital repairs versus running repairs of equipment
  • Internal equipment rental expense and true costs including fuel, wearing parts (for example, tires), running repairs (oil changes, radiator flushing, hydraulic oil, etc.), insurance, capital and depreciation including major overhaul costs (engine and undercarriage rebuilds, etc.) and expected return on capital
  • Information regarding debt service and split principal/interest on debt

CERB relief should be shown separately. Do not reduce your payroll costs, as this will just artificially reduce total amounts rather than show a true reflection of cash impact. All associated costs (paid and received) should be precisely accounted for to avoid any breach of trust obligations (if applicable), as per the statutory provincial Construction Act or Lien Act requirements. Items with a past-due status should be included as well. Deferred revenue and any work in progress do not need to be considered when it comes to the cash flow plan, as they are accrual-based calculations.

Having a strong understanding of your business’s cash flow forecast will give you confidence when making decisions around staffing, equipment purchases and when bidding on projects. Also, being able to present and articulate your cash flow plan will provide your lenders and surety with confidence to support the goals you have for your business, which should lead to more leverage and better terms.

If you have questions or would like someone to review your cash flow plan, please reach out to one of the surety underwriting experts at Trisura Guarantee Insurance Company.

 

The views expressed in this article are exclusively those of the authors; they do not necessarily reflect the views of Trisura Guarantee Insurance Company, its affiliates or partners.

Trisura Talent Continues to Shine Bright

Trisura Talent Continues to Shine Bright

Insurance Business Canada has surveyed the industry nationwide to highlight some of the top young professionals in the business. Trisura is extremely proud to announce that two members of our talented team, Kate Shaw and Stephen Logush, have been named Rising Stars for 2021!

Rising Star finalists must be nominated and meet key criteria, including:

  • Be aged 35 or younger as of March 01, 2021;
  • Hold a position that is relevant to the insurance industry;
  • Be committed to a career in insurance;
  • And, hold a passion for the industry.

 

Meet our Rising Stars:

Woman with long hair and pink blazer.Kate Shaw has been with Trisura for over two years and has nearly 10 years of experience in the insurance industry. As an executive solutions underwriter, she is responsible for managing and building a portfolio of directors’ and officers’ liability and fidelity business. Kate obtained a BA degree from McGill University and also has her Chartered Insurance Professional (CIP) designation.

Kate likes that no two days are the same when working in the insurance industry. “I love that each day brings new challenges and learning opportunities,” she says. “It’s always enjoyable to collaborate with broker partners to find creative insurance solutions for their clients.”

 

 

Man in suit jacket and grey striped tie.Stephen Logush is a manager of Trisura’s Toronto surety branch. In his role, he is responsible for working with the organization’s broker partners and team of underwriters to grow and manage the portfolio of accounts in Ontario. Stephen is a member of the SAC Young Professionals Committee, which organizes networking and professional development events for the young professionals in our industry. He has earned his Associateship in Canadian Surety Bonding (ACSB) and Canadian Risk Management (CRM) designations, and he is working towards an MBA degree through Wilfrid Laurier, which will be completed next spring.

Why does Stephen enjoy working in the industry? It comes down to the people. “Analyzing a complex set of financial statements is fun and all, but it’s really the people that make the industry so enjoyable,” he says. “Finding solutions while developing long-term relationships with our broker partners and contractors is the most rewarding part of the job.”

 

About the Insurance Business Canada Rising Stars report:

Previously named Young Guns, the Rising Stars report shines a spotlight on industry professionals aged 35 or younger. The report identifies individuals who bring a fresh perspective, innovative ideas and a sense of leadership to the roles and organizations.

You can find the official 2021 Rising Stars report here.

Cyber in 2020: The threats and the solutions

Cyber in 2020: The threats and the solutions

This interview is part of a special report published by Insurance Business Canada.

You can read the full report here.

 

In a discussion with Insurance Business Canada, Trisura’s assistant vice-president of professional solutions, Michael Kalakauskas, weighed in on some of the biggest cyber concerns facing brokers in 2020.

IB | How is the cyber insurance market shaping up in 2020?
Michael Kalakauskas HeadshotMK | 
The cyber market has been very volatile for most of 2020. We have seen pricing increases range around 10% to 50%, as well as a substantial increase in deductibles. Furthermore, most markets are reducing their capacity, with limits being greatly lowered on both third-party and first-party coverages. While some markets have pulled back, others have increased their appetite and capabilities. It’s a very interesting time in the cyber insurance world.

From a cybersecurity trend standpoint, the sheer volume of cyberattacks and compromised personal information on a worldwide level is at an all-time high and will only continue to grow with the expansion of things like company interconnectivity, the Internet of Things, the use of cloud services, artificial intelligence and machine learning, automation, and small to medium-sized business vulnerability. These trends point to the need for all organizations to increase their security and awareness in protecting themselves against cyberattacks and data breaches. Cybercriminals and attacks are only getting more sophisticated, so as an industry, we need to keep up with and respond to emerging threats.

Another important trend is the evolving landscape of international data privacy laws and government/regulatory body involvement. These new or updated laws – for example, GDPR in Europe or PIPEDA here in Canada – are making companies move from a reactive approach to a proactive approach towards cybersecurity. We’re now seeing a greater focus on system security and the ability to safely store and use personal information.

In terms of cyber coverage, brokers need to be aware that third-party liability coverage for data breaches is only one piece of the overall cyber insurance puzzle. The trends from a coverage standpoint – and the most causes of current cyber claims, in our experience – are ransomware, social engineering and business interruption. Not all businesses carry large amounts of personal data that may be targeted in data breaches; however, all businesses are dependent on computers, cell phones and the internet – things that ultimately make them vulnerable to different types of cyberattacks. The one thing that all companies do hold is employee data, which exposes all companies, regardless of size, to a potential data breach.

It is easier to target small and mid-sized companies, as they may not have adequate security measures and resources in place to protect themselves. To safeguard against today’s cyberattacks, small companies must reassess their security position and ensure adequate measures and controls are implemented, including the purchase of cyber insurance coverage and speaking with a true insurance professional.

IB | How has the COVID-19 pandemic – and the accompanying increase in remote work – impacted the cyber insurance market?
MK | COVID-19 remains a challenge for the insurance world. The cyber insurance market should be very concerned with heightened cyber exposures while people work from home with lesser security, employee awareness and procedures. This is the perfect time for cybercriminals to make their move, and we’re already seeing phishing attacks and viruses on the rise in every sector. Also, when working from home, it’s harder to react and deploy an incident response plan or disaster recovery plan, which may result in more frequent and possibly more severe attacks.

It’s a time of great stress and worry, and people are paying less attention. Things that might impact cybersecurity during COVID include older/out-of-date computer software and antivirus software/firewalls, a lack of cybersecurity procedures/policies, a lack of encryption protocols, infrequent password changes, audits not being performed, general misuse of computers and emails, and employees not on high alert. We must all stay vigilant.

IB | Which client groups should be the target markets for cyber insurance this year?
MK |
All businesses – small, medium and large – have cyber exposures, and each company should be having conversations with their insurance broker about adequate cyber insurance coverage and risk transfer options. That said, I would prioritize some of the industries that have not previously bought cyber insurance on a widespread basis. Industries including finance, banking, healthcare, retail and hospitality – all well known for holding and using personal information – have already been exposed to cyber insurance and the risk of data breaches. Industries like construction, transportation and manufacturing, as well as smaller professional offices, however, are slowly being exposed to cybersecurity needs and do need more awareness in this space.

At Trisura, we are trying to increase the exposure of cyber insurance with all of our small to medium-size business clients, regardless of industry type. As mentioned, it is easier to target small and mid-size companies, as they may not have adequate security measures and resources in place to protect themselves. Trisura has a large surety book that comprises clients of all sizes in the construction industry – for example, builders, developers and contractors – and with them being more reliant on technology and computers, it is imperative that we offer cyber solutions as part of their overall insurance and surety bonding package. Likewise, we insure many small to medium-sized professional offices for errors & omissions insurance and directors & officers liability, and we are currently trying to target them for cyber coverage as part of their insurance portfolio.

IB | What features should brokers look for in a cyber policy today?
MK |
Overall, good cyber insurance provides coverage for both an insured’s first-party and third-party losses associated with a network security breach, as well as the loss, theft, or unauthorized disclosure of personal information or confidential corporate information. The coverage should include expenses related to breach notification, extortion threats, public relations, credit monitoring, forensic investigation, defence costs, the costs of judgments or settlements, regulatory claims, business interruption and media liability, among other things. The reality is, every business has an exposure and should be protected accordingly. Exposures come in the form of employee information, customer information, internet access, electronic and network activities, and the overall use of technology.

Specifically, the most important element of any good cyber insurance policy is the claims handling service and response team associated with it. A cyber insurance policy should give clients access to experts in all fields of cybersecurity and make them feel comfortable throughout the whole process, whether it’s a full-blown claim, a possible breach or a system hack. The response team should be quick, flexible and able to handle any type of scenario. A good response team should include law firms and breach coaches; forensics and investigation professionals; public relations and communication specialists; and breach notification, identity repair and credit monitoring firms.

Legal experts can help minimize the risk of litigation and fines in the wake of a breach. They can provide legal advice based on your specific incident, such as determining how to notify affected individuals, government agencies, third parties and others who may be impacted. The law firms and breach coaches can also manage breach response teams and oversee all aspects of the response.

Forensic and investigative providers can advise your organization on how to stop the current data loss, prevent further harm and secure evidence as necessary. They can also determine where, when and how the breach or hack occurred, analyze data sources to determine what information has been compromised, and assist in data restoration.

Public relations providers can help develop both the internal and external communications needed during an incident, as well as oversee crisis management services. They can also provide advice on how to best position the incident to key audiences, update social media and help manage media questions related to the issue. Breach notification providers can help in the form of credit monitoring, credit reports, call centre services and direct mailing campaigns.

IB | If brokers are looking to sell cyber insurance to a client for the first time, what key points should they stress?
MK | All businesses, regardless of size and industry type, have cyber exposure. Regardless of whether they hold or store their customers’ or suppliers’ personal data or corporate information, these businesses have data on all of their employees and stakeholders that is at risk. Furthermore, all companies are reliant on computers, cell phones and the internet and therefore are susceptible to loss in the event of a cyberattack like ransomware, a hack, data loss, payment diversion or phishing, malware, and software or hardware failure.

Cyberattacks are indiscriminate and could come from anywhere. Even if it’s not from an attacker, one of the biggest forms of cyber exposure is the error of an employee clicking the wrong link, sending an email to the wrong person or leaving an unencrypted laptop or cell phone at a public place. Giving a tiny window of access to someone is all it takes. Cyber exposure could come from anywhere, and if it were to happen, it could give rise to significant financial loss.

My rule of thumb is to advise businesses that cyberattacks are not a matter of if but more of a when, and whether the company is able to withstand the financial impact of such an attack or loss. If it is not, or the business would like some additional protection, then cyber insurance is a key to their risk management process, no matter their size of business.

 

Commercial surety market “performing well” in Canada

Commercial surety market “performing well” in Canada

This article was originally published by Insurance Business Canada on November 22nd, 2019.

Read the original article here.

Author: Bethan Moorcraft

 

Commercial surety is a broad group of bonds that are used to secure or guarantee a wide range of obligations between parties. These bonds are used in contractual agreements to guarantee that security and regulatory requirements are met in order to protect against financial risk.

In Canada, the commercial surety industry is “performing well and is growing,” according to Matt Baynton, senior vice president – surety, Trisura Guarantee Insurance Company. Why is the commercial surety market performing well in Canada? It’s partly due to the economy.

According to Bank of Canada data released in September, the Canadian economy remains resilient even as global outlook worsens. The bank announced that third-quarter economic performance was “stronger than anticipated,” with wages picking up and housing markets beginning to rebound. Overall, consumer spending was described as “soft” and business investment dropped off, but the bank described the economy as “operating close to its potential, or speed limit.”

Matt Baynton_IBC Interview“The main driver of the commercial surety market in Canada is government spending on infrastructure,” Baynton told Insurance Business. “The federal government promised a large amount of infrastructure spending in the previous election, but very little of this spending came to fruition.

“A strong economy should ultimately lead to more government spending, which is good for the surety industry. Conversely, if Canada were to head into a recession, there would likely be an uptick in corporate insolvencies which could lead to surety losses.”

Commercial surety bonds are used to guarantee performance of non-construction related contractual obligations. They differ from contract surety bonds that are used specifically within the construction industry. Typical users of commercial surety include government bodies, federal and/or provincial courts, financial institutions, and private corporations.

Unlike traditional insurance policies, commercial surety bonds are more akin to lines of financial credit that banks extend to clients. They’re tri-party agreements which require a unique underwriting skillset, Baynton explained.

“The underwrite is much more akin to a credit underwrite that a bank would do,” he said. “Ultimately we are trying to determine the financial survivability of an organization and where they will be able to meet the obligations that they are undertaking and that we are bonding.”

Once again, this observation links back to the state of the Canadian economy. If the economy is strong, the parties involved within a commercial surety bond are probably more likely to meet their obligations. They’re also more likely to consider bonds as an alternative financial risk transfer mechanism, hence the growth that Baynton has observed in the market.

He said: “I think more obligees are knowledgeable about bonds than in the past, and they’re more willing to accept bonds as an alternate form of security.”