25+ Canada Cybersecurity Statistics and Trends

We are reader supported and may earn a commission when you buy through links on our site. Learn more.

Cyber crimes like phishing, ransomware attacks, and data breaches have increased largely in Canada. As a result, the need for cybersecurity is essential.

So, in this piece, we will dive into recent and essential cybersecurity statistics and trends to help stay data secure.

7 Key Canada Cybersecurity Statistics (Editor’s Pick)

  • 83% of Canada’s cybersecurity incidents in 2022 were not reported to law enforcement.
  • In 2021, Canada was the 11th most ransomware-attacked country globally.
  • Canadian businesses’ average data breach cost in 2021 was $5.4 million.
  • 87% of Canadian respondents in a 2023 survey felt pressured by external parties to disclose cyber incidents.
  • Canadian businesses spent $9.7 billion on cybersecurity incident detection and prevention in 2021.
  • 70% of Canadian respondents in a 2022 survey only gave out financial information on secured websites.
  • 11% of cyber-attacked Canadian businesses in 2021 experienced ransomware attacks.

Infographic

7 key canada cybersecurity statistics
Share This Image On Your Website
				
					<a href="https://vpnalert.com/resources/canada-cybersecurity-statistics/" target="_blank" data-wpel-link="internal"><img decoding="async" src="https://vpnalert.com/wp-content/uploads/2023/06/canada-cybersecurity-statistics.png" alt="7 Key Canada Cybersecurity Statistics" width="768" border="0" height="692.93233082707" loading="lazy" fetchpriority="low" srcset="https://vpnalert.com/wp-content/uploads/2023/06/canada-cybersecurity-statistics-768x693.png 768w, https://vpnalert.com/wp-content/uploads/2023/06/canada-cybersecurity-statistics-300x271.png 300w, https://vpnalert.com/wp-content/uploads/2023/06/canada-cybersecurity-statistics-1024x924.png 1024w, https://vpnalert.com/wp-content/uploads/2023/06/canada-cybersecurity-statistics-1536x1385.png 1331w, https://vpnalert.com/wp-content/uploads/2023/06/canada-cybersecurity-statistics.png 1330w" sizes="auto"></a>
				
			

General Canada Cybersecurity Statistics and Trends

1. 79% of Canadian businesses reporting a cyber security incident in 2021 likely had at least one cyber security employee.

While 57% of Canadian businesses that did not report an incident were likely to have no cybersecurity employees.

2. Phishing (38%) was Canada's highest source of cybersecurity incidents in 2021.

Software vulnerability (34%) and Remote Desktop Access (38%) came second and third, respectively. 

3. In 2021, threat actors could access sensitive data from breached Canadian firms 69% of the time.

Only 31% of the time were they denied access to sensitive information. 

4. 70% of Canadian respondents in a 2022 survey only gave out financial information on secured websites.

19% did not care about website security before giving out financial information. 

5. 83% of Canada's cybersecurity incidents in 2022 were not reported to law enforcement.

Thus, leaving 17% of incidents reported to law enforcement. 

Canada Ransomware Attack Statistics and Trends

6. 11% of cyber-attacked Canadian businesses in 2021 experienced ransomware attacks.

82% of these ransomware-attacked businesses did not make the ransom payment. Likewise, 1% paid over $500,000 in ransoms, while 14% of those who paid did so with cryptocurrency.

7. The leading Canadian cybersecurity incident in 2021 was ransomware attacks (55%).

Malware and other attacks took a 24% share, while financial fraud (excluding BEC) accounted for 4%. Business Email CoCanada’somise (BEC) attacks accounted for 17% of cybersecurity incidents in the year.

canada cybersecurity incident
Share This Image On Your Website
				
					<a href="https://vpnalert.com/resources/canada-cybersecurity-statistics/" target="_blank" data-wpel-link="internal"><img decoding="async" src="https://vpnalert.com/wp-content/uploads/2023/06/canada-cybersecurity-incident.png" alt="Canada Cybersecurity Incidents" width="768" border="0" height="829.44" loading="lazy" fetchpriority="low" srcset="https://vpnalert.com/wp-content/uploads/2023/06/canada-cybersecurity-incident-768x829.png 768w, https://vpnalert.com/wp-content/uploads/2023/06/canada-cybersecurity-incident-278x300.png 278w, https://vpnalert.com/wp-content/uploads/2023/06/canada-cybersecurity-incident-948x1024.png 948w, https://vpnalert.com/wp-content/uploads/2023/06/canada-cybersecurity-incident.png 1200w" sizes="auto"></a>
				
			

8. 60% of ransomware-attacked Canadian businesses in 2021 contracted external information technology (IT) personnel to resolve the attack.

14% used external parties, while 13% went with their cyber risk insurance providers.

9. On October 30, 2021, the Newfoundland and Labrador healthcare system was attacked by ransomware.

This resulted in the theft of over 200,000 files hosted on a network drive.

These included the social insurance numbers of 1,341 dead and 1,200 living patients.

10. In 2021, Canada was the 11th most ransomware-attacked country globally.

Around 62% of Canadian organizations in 2021 experienced an attempted or successful ransomware attack.

Canada Cyber Breach and Attack Statistics and Trends

11. Canadian businesses' average data breach cost in 2021 was $5.4 million.

This was a 20% increase from the previous year when the data breach cost across Canadian firms was $4.5 million. 

12. In 2021, cyber-attacked small businesses in Canada spent 120% more on cybersecurity than non-affected small businesses.

Affected medium businesses spent 39% more than their non-breached counterparts, while large businesses in the same category spent 75% more.

13. Canada was the fourth hardest-hit country by cyberattacks in December 2021.

The USA (20 attacks), Germany (13), and France (8) made the top three, ahead of Canada’s seven.

14. In February 2022, Panasonic’s Canadian operations suffered a data breach.

The cyberattack, confirmed in April 2022, resulted in the loss of over 2.7 gigabytes of data.

15. Data exposure from Canadian data breach incidents reduced between Q3 2021 and Q3 2022.

The table below shows a breakdown of data exposure from breaches in the Canadian space between these periods. 

Quarters Exposed Records
Q3 2021  6,539,195
Q4 2021 744,001
Q1 2022 220,177
Q2 2022 155,618
Q3 2022 652,298

Canada Cybersecurity Implementation Statistics and Trends

16. 61% of Canadian businesses in 2021 assigned at least one employee to deal with cyber security risks and threats.

38% hired a contractor or consultant, and 29% updated their operating systems frequently or monthly to deal with threats.

canadian businesses dealing with cyber attacks
Share This Image On Your Website
				
					<a href="https://vpnalert.com/resources/canada-cybersecurity-statistics/" target="_blank" data-wpel-link="internal"><img decoding="async" src="https://vpnalert.com/wp-content/uploads/2023/06/canadian-businesses-dealing-with-cyber-attacks.png" alt="Canadian Businesses Dealing With Cyber Attacks" width="768" border="0" height="544.35912581217" loading="lazy" fetchpriority="low" srcset="https://vpnalert.com/wp-content/uploads/2023/06/canadian-businesses-dealing-with-cyber-attacks-768x544.png 768w, https://vpnalert.com/wp-content/uploads/2023/06/canadian-businesses-dealing-with-cyber-attacks-300x213.png 300w, https://vpnalert.com/wp-content/uploads/2023/06/canadian-businesses-dealing-with-cyber-attacks-1024x726.png 1024w, https://vpnalert.com/wp-content/uploads/2023/06/canadian-businesses-dealing-with-cyber-attacks-1536x1089.png 1536w, https://vpnalert.com/wp-content/uploads/2023/06/canadian-businesses-dealing-with-cyber-attacks.png 1693w" sizes="auto"></a>
				
			

17. 51% of Canadian businesses in an October 2021 survey had audited or verified third parties/suppliers’ security posture and compliance.

At the same time, 43% of businesses refined their third-party onboarding assessment criteria.

Share of Respondents  Third-Party Risk Management
51% Audited or verified third parties or suppliers’ security posture and compliance. 
43% Refined the onboarding and ongoing third-party assessment criteria.
41% Shared knowledge or assistance with third parties to shore up their Cybersecurity postures. 
41% Addressed challenges, cost-related or time-related, that affect the ability to be cyber resilient. 
39% Did more rigorous due diligence. 
34% Rewrote contracts with specific third parties to mitigate risks. 
27% Ended some third parties’ relationships. 
8% None. 

18. The mandatory breach-reporting obligations of Quebec’s Bill 64 will come into force on September 22, 2023.

This would include a severe violation fee of up to C$25 million, or 4% of the organization’s global revenue for the previous fiscal year, whichever would be higher.

19. 87% of Canadian respondents in a 2023 survey felt pressured by external parties to disclose cyber incidents.

While only 43% could guarantee supplying critical information about an incident within the expected reporting time after the incident.

Cybersecurity Demographics Statistics and Trends

20. The Canadian industrial/manufacturing sector recorded the highest (15%) cybersecurity incidents in 2021.

The financial services industry (11%) and technology industry (10%) came second and third, respectively. 

Industry %
Manufacturing 15
Financial Services  11
Technology  10
Non-profit / Education  9
Professional Services  8
Public Service / Municipality 8
Engineering / Construction 7
Transportation  7
Legal Services  5
Logistics  3
First Nation 1
Healthcare 1
Other  15

21. Ontario (50%) recorded the highest number of cyberattacks by region in Canada.

As of the end of 2021, Quebec (19%) and British Columbia (16%) rounded up the top three most attacked Canadian regions.

Region %
Ontario 50
Quebec 19
British Columbia  16
Western Canada  11
Atlantic Canada  4

Canada Cybersecurity Market and Financials Statistics and Trends

22. Canada's cybersecurity market revenue was $3.44 billion in 2022.

Out of this figure, $1.48 billion was from cyber solutions, and around $1.96 billion was from security services. Also, the market revenue is expected to rise to $5.87 billion by 2027.

Year Cyber Solutions (Billion USD)  Security Services (Billion USD) 
2022 1.48  1.96
2023 1.72 2.13
2024 1.99 2.28
2025 2.3 2.43
2026 2.65 2.6
2027 3.08 2.79

23. Canadian firms spent 11.1% of their annual budget on security in 2021.

This was a 2.9% increase from the previous year

24. Canadian businesses spent $9.7 billion on cybersecurity incident detection and prevention in 2021.

Medium-sized businesses spent $2.4 billion, small businesses contributed $2.9 billion, and large businesses added the remaining $4.4 billion.

cybersecurity incident detention and prevention
Share This Image On Your Website
				
					<a href="https://vpnalert.com/resources/canada-cybersecurity-statistics/" target="_blank" data-wpel-link="internal"><img decoding="async" src="https://vpnalert.com/wp-content/uploads/2023/06/cybersecurity-incident-detention-and-prevention.png" alt="Canadian Business Spends on Cybersecurity Detection and Prevention" width="768" border="0" height="787.2" loading="lazy" fetchpriority="low" srcset="https://vpnalert.com/wp-content/uploads/2023/06/cybersecurity-incident-detention-and-prevention-768x787.png 768w, https://vpnalert.com/wp-content/uploads/2023/06/cybersecurity-incident-detention-and-prevention-293x300.png 293w, https://vpnalert.com/wp-content/uploads/2023/06/cybersecurity-incident-detention-and-prevention-999x1024.png 999w, https://vpnalert.com/wp-content/uploads/2023/06/cybersecurity-incident-detention-and-prevention.png 1200w" sizes="auto"></a>
				
			

25. In 2021, cyber security incident recovery cost Canadian businesses $600 million.

This was 3x higher than the $200 million spent on the same effect in 2019.

Stay Cyber Secure

These Canada cybersecurity statistics and trends give a clear insight into cyber crimes affecting Canadians today. Likewise, it helps Canadian businesses stay on their toes about possible breaches they may suffer and how to start implementing against such.

To take things further, consider using the best VPNs for Canada to protect your sensitive data and manage users’ access to said data on all networks.

References:
  1. https://www150.statcan.gc.ca/n1/daily-quotidien/221018/dq221018b-eng.htm
  2. https://www.itworldcanada.com/article/newfoundland-and-labrador-health-system-attackers-copied-200000-patient-and-employee-files/478645
  3. https://www.pwc.com/ca/en/services/consulting/cybersecurity-privacy/cyber-threat-intelligence/year-in-review.html
  4. https://konbriefing.com/en-topics/cyber-attacks-2021-12.html
  5. https://www.ibm.com/downloads/cas/OJDVQGRY
  6. https://www.cyberlands.io/topsecuritybreachescanada
  7. https://www.statista.com/statistics/1324220/canada-number-of-leaked-records/
  8. https://www.statista.com/statistics/1342379/organizations-taking-actions-for-third-party-risk-canada-by-type/
  9. https://www.mondaq.com/canada/privacy-protection/1236604/new-breach-reporting-requirements-in-force-in-quebec
  10. https://www.pwc.com/ca/en/services/consulting/cybersecurity-privacy/digital-trust-insights.html
  11. https://www.blakes.com/pages/2022-cybersecurity-trends-study
  12. https://www.statista.com/statistics/1344169/canada-users-providing-financial-information-on-secure-websites/
  13. https://www.statista.com/statistics/1350768/revenue-cybersecurity-canada-by-segment/
  14. https://cyber-edge.com/wp-content/uploads/2021/04/CyberEdge-2021-CDR-Report-v1.1-1.pdf