Cyber crimes like phishing, ransomware attacks, and data breaches have increased largely in Canada. As a result, the need for cybersecurity is essential.
So, in this piece, we will dive into recent and essential cybersecurity statistics and trends to help stay data secure.
7 Key Canada Cybersecurity Statistics (Editor’s Pick)
- 83% of Canada’s cybersecurity incidents in 2022 were not reported to law enforcement.
- In 2021, Canada was the 11th most ransomware-attacked country globally.
- Canadian businesses’ average data breach cost in 2021 was $5.4 million.
- 87% of Canadian respondents in a 2023 survey felt pressured by external parties to disclose cyber incidents.
- Canadian businesses spent $9.7 billion on cybersecurity incident detection and prevention in 2021.
- 70% of Canadian respondents in a 2022 survey only gave out financial information on secured websites.
- 11% of cyber-attacked Canadian businesses in 2021 experienced ransomware attacks.
Infographic
General Canada Cybersecurity Statistics and Trends
1. 79% of Canadian businesses reporting a cyber security incident in 2021 likely had at least one cyber security employee.
While 57% of Canadian businesses that did not report an incident were likely to have no cybersecurity employees.
2. Phishing (38%) was Canada's highest source of cybersecurity incidents in 2021.
Software vulnerability (34%) and Remote Desktop Access (38%) came second and third, respectively.
3. In 2021, threat actors could access sensitive data from breached Canadian firms 69% of the time.
Only 31% of the time were they denied access to sensitive information.
4. 70% of Canadian respondents in a 2022 survey only gave out financial information on secured websites.
19% did not care about website security before giving out financial information.
5. 83% of Canada's cybersecurity incidents in 2022 were not reported to law enforcement.
Thus, leaving 17% of incidents reported to law enforcement.
Canada Ransomware Attack Statistics and Trends
6. 11% of cyber-attacked Canadian businesses in 2021 experienced ransomware attacks.
82% of these ransomware-attacked businesses did not make the ransom payment. Likewise, 1% paid over $500,000 in ransoms, while 14% of those who paid did so with cryptocurrency.
7. The leading Canadian cybersecurity incident in 2021 was ransomware attacks (55%).
Malware and other attacks took a 24% share, while financial fraud (excluding BEC) accounted for 4%. Business Email CoCanada’somise (BEC) attacks accounted for 17% of cybersecurity incidents in the year.
8. 60% of ransomware-attacked Canadian businesses in 2021 contracted external information technology (IT) personnel to resolve the attack.
14% used external parties, while 13% went with their cyber risk insurance providers.
9. On October 30, 2021, the Newfoundland and Labrador healthcare system was attacked by ransomware.
This resulted in the theft of over 200,000 files hosted on a network drive.
These included the social insurance numbers of 1,341 dead and 1,200 living patients.
10. In 2021, Canada was the 11th most ransomware-attacked country globally.
Around 62% of Canadian organizations in 2021 experienced an attempted or successful ransomware attack.
Canada Cyber Breach and Attack Statistics and Trends
11. Canadian businesses' average data breach cost in 2021 was $5.4 million.
This was a 20% increase from the previous year when the data breach cost across Canadian firms was $4.5 million.
12. In 2021, cyber-attacked small businesses in Canada spent 120% more on cybersecurity than non-affected small businesses.
Affected medium businesses spent 39% more than their non-breached counterparts, while large businesses in the same category spent 75% more.
13. Canada was the fourth hardest-hit country by cyberattacks in December 2021.
The USA (20 attacks), Germany (13), and France (8) made the top three, ahead of Canada’s seven.
14. In February 2022, Panasonic’s Canadian operations suffered a data breach.
The cyberattack, confirmed in April 2022, resulted in the loss of over 2.7 gigabytes of data.
15. Data exposure from Canadian data breach incidents reduced between Q3 2021 and Q3 2022.
The table below shows a breakdown of data exposure from breaches in the Canadian space between these periods.
Quarters | Exposed Records |
---|---|
Q3 2021 | 6,539,195 |
Q4 2021 | 744,001 |
Q1 2022 | 220,177 |
Q2 2022 | 155,618 |
Q3 2022 | 652,298 |
Canada Cybersecurity Implementation Statistics and Trends
16. 61% of Canadian businesses in 2021 assigned at least one employee to deal with cyber security risks and threats.
38% hired a contractor or consultant, and 29% updated their operating systems frequently or monthly to deal with threats.
17. 51% of Canadian businesses in an October 2021 survey had audited or verified third parties/suppliers’ security posture and compliance.
At the same time, 43% of businesses refined their third-party onboarding assessment criteria.
Share of Respondents | Third-Party Risk Management |
---|---|
51% | Audited or verified third parties or suppliers’ security posture and compliance. |
43% | Refined the onboarding and ongoing third-party assessment criteria. |
41% | Shared knowledge or assistance with third parties to shore up their Cybersecurity postures. |
41% | Addressed challenges, cost-related or time-related, that affect the ability to be cyber resilient. |
39% | Did more rigorous due diligence. |
34% | Rewrote contracts with specific third parties to mitigate risks. |
27% | Ended some third parties’ relationships. |
8% | None. |
18. The mandatory breach-reporting obligations of Quebec’s Bill 64 will come into force on September 22, 2023.
This would include a severe violation fee of up to C$25 million, or 4% of the organization’s global revenue for the previous fiscal year, whichever would be higher.
19. 87% of Canadian respondents in a 2023 survey felt pressured by external parties to disclose cyber incidents.
While only 43% could guarantee supplying critical information about an incident within the expected reporting time after the incident.
Cybersecurity Demographics Statistics and Trends
20. The Canadian industrial/manufacturing sector recorded the highest (15%) cybersecurity incidents in 2021.
The financial services industry (11%) and technology industry (10%) came second and third, respectively.
Industry | % |
---|---|
Manufacturing | 15 |
Financial Services | 11 |
Technology | 10 |
Non-profit / Education | 9 |
Professional Services | 8 |
Public Service / Municipality | 8 |
Engineering / Construction | 7 |
Transportation | 7 |
Legal Services | 5 |
Logistics | 3 |
First Nation | 1 |
Healthcare | 1 |
Other | 15 |
21. Ontario (50%) recorded the highest number of cyberattacks by region in Canada.
As of the end of 2021, Quebec (19%) and British Columbia (16%) rounded up the top three most attacked Canadian regions.
Region | % |
---|---|
Ontario | 50 |
Quebec | 19 |
British Columbia | 16 |
Western Canada | 11 |
Atlantic Canada | 4 |
Canada Cybersecurity Market and Financials Statistics and Trends
22. Canada's cybersecurity market revenue was $3.44 billion in 2022.
Out of this figure, $1.48 billion was from cyber solutions, and around $1.96 billion was from security services. Also, the market revenue is expected to rise to $5.87 billion by 2027.
Year | Cyber Solutions (Billion USD) | Security Services (Billion USD) |
---|---|---|
2022 | 1.48 | 1.96 |
2023 | 1.72 | 2.13 |
2024 | 1.99 | 2.28 |
2025 | 2.3 | 2.43 |
2026 | 2.65 | 2.6 |
2027 | 3.08 | 2.79 |
23. Canadian firms spent 11.1% of their annual budget on security in 2021.
This was a 2.9% increase from the previous year.
24. Canadian businesses spent $9.7 billion on cybersecurity incident detection and prevention in 2021.
Medium-sized businesses spent $2.4 billion, small businesses contributed $2.9 billion, and large businesses added the remaining $4.4 billion.
25. In 2021, cyber security incident recovery cost Canadian businesses $600 million.
This was 3x higher than the $200 million spent on the same effect in 2019.
Stay Cyber Secure
These Canada cybersecurity statistics and trends give a clear insight into cyber crimes affecting Canadians today. Likewise, it helps Canadian businesses stay on their toes about possible breaches they may suffer and how to start implementing against such.
To take things further, consider using the best VPNs for Canada to protect your sensitive data and manage users’ access to said data on all networks.
- https://www150.statcan.gc.ca/n1/daily-quotidien/221018/dq221018b-eng.htm
- https://www.itworldcanada.com/article/newfoundland-and-labrador-health-system-attackers-copied-200000-patient-and-employee-files/478645
- https://www.pwc.com/ca/en/services/consulting/cybersecurity-privacy/cyber-threat-intelligence/year-in-review.html
- https://konbriefing.com/en-topics/cyber-attacks-2021-12.html
- https://www.ibm.com/downloads/cas/OJDVQGRY
- https://www.cyberlands.io/topsecuritybreachescanada
- https://www.statista.com/statistics/1324220/canada-number-of-leaked-records/
- https://www.statista.com/statistics/1342379/organizations-taking-actions-for-third-party-risk-canada-by-type/
- https://www.mondaq.com/canada/privacy-protection/1236604/new-breach-reporting-requirements-in-force-in-quebec
- https://www.pwc.com/ca/en/services/consulting/cybersecurity-privacy/digital-trust-insights.html
- https://www.blakes.com/pages/2022-cybersecurity-trends-study
- https://www.statista.com/statistics/1344169/canada-users-providing-financial-information-on-secure-websites/
- https://www.statista.com/statistics/1350768/revenue-cybersecurity-canada-by-segment/
- https://cyber-edge.com/wp-content/uploads/2021/04/CyberEdge-2021-CDR-Report-v1.1-1.pdf