Canada cyber security and cyber crime statistics

Cyber crime rates continue to increase in Canada with both individuals and businesses being affected. While it often gets lumped in with the US in some statistics, Canada has its own unique cyber crime and cyber security landscape. Ransomware, phishing attacks, data breaches, and various types of fraud are all commonplace in the country but to varying extents compared to its neighbour.

In this article, we highlight the latest cyber crime and cyber security facts, trends, and statistics impacting Canadians.

1. Successful attacks affected 78% of Canadian companies in one year

The 2020 Cyberthreat Defense Report (CDR) by CyberEdge Group provides a wealth of information about cyber attacks across the globe. It found that 78 percent of Canadian organizations experienced at least one cyber attack within a 12-month period. This was towards the lower end compared to other countries in the study. The most-impacted country was Mexico with almost 94 percent of companies dealing with attacks.

2. Ransomware impacted over 70% of Canadian organizations within a year

The CyberEdge report hones in on ransomware and found that 72 percent of Canadian respondents dealt with ransomware over the past 12 months. This put the country in the top three behind only China (76.0 percent) and Mexico (72.7 percent). Japanese organizations fared best with just 36.7 percent impacted by ransomware.

3. In Canada, the average spend on security is over 12% of an organization’s IT budget

The report also reveals how much organizations are spending on cyber security, with Canadian firms spending 12.1 percent of their IT budget on security. This is about average compared to other regions included in the study. Mexico had the highest portion of spend (15.9 percent) and Japan the lowest (10.6 percent).

Budget spend chart.
Source: CyberEdge

4. Canadian organizations bumped IT budgets up by a mean of 4.7% in 2020

It’s worth noting that Canadian firms did increase their security budgets compared to the prior year by almost five percent. Again, this is about average compared to other countries studied with the range being 3.9–6.7 percent.

5. In Canada, around three quarters of companies favor security products that use AI and machine learning

Another interesting insight from the CyberEdge report is the preference some organizations have for machine learning and AI in security products. 74 percent of businesses in Canada have a strong or moderate preference for these technologies, although this puts Canada in the bottom three of the list with Japan and Australia. The countries that appear to have the most interest in advanced technologies are Turkey, Brazil, and Mexico.

6. Canada is the sixth most attacked country by ransomware Trojans

A recent mobile malware study by Kaspersky found that ransomware Trojans are a fairly common occurrence for mobile users in Canada compared to in other countries with 0.11 percent of Canadian users seeing these types of attacks. The only regions where more users dealt with these attacks were the US, Kazakhstan, Iran, China, and Italy.

7. Only 39% of organizations have been hit by ransomware

Numbers from the Sophos State of Ransomware Report 2020 disagree with those from the CyberEdge report above. This study found that only 39 percent of firms had dealt with ransomware in the year prior. Although Sophos noted this number was surprising since Canada is a developed country and should be a prime target. It goes on to suggest that the country may benefit from being in the shadow of the US.

8. 68% anticipate being hit with a ransomware attack

Of those who haven’t been hit with ransomware, 68 percent told Sophos that they expect to be hit with a ransomware attack in the future. This indicates that Canadian respondents are highly alert to the issue of ransomware.

9. 26% of Canadian companies managed to stop ransomware attacks prior to data encryption

Sophos also reported on the number of attacks thwarted by organizations prior to data being encrypted. Canadian companies managed to block more than one-quarter of attacks, which puts the country just above the global average. While this is impressive, Turkey took the top spot with companies managing to block 51 percent of ransomware attacks.

Chart showing number of attacks stopped.
Source: Sophos

10. More than 1 in 10 companies paid the ransom to attackers

According to Sophos, 11 percent of Canadian organizations paid ransoms. The only countries in which a smaller portion of businesses paid up were Spain (four percent) and Italy (six percent). Companies in India (66 percent) were the most likely to pay, followed by Sweden (50 percent) and the Philippines (32 percent).

11. The average cost of ransomware attacks in Canada was over $400,000

Ransomware attacks can be expensive, with costs including the ransom itself, downtime, specialist services, loss of business, and more. The average remediation cost for companies in Canada is $404,424,29. This is no small sum, but it is well below the global average which sits at over $750,000. Organizations in Sweden and Japan exceed an average of $2 million in ransomware remediation costs, and businesses in Australia, India, and Malaysia pay over $1 million.

12. More than 8 in 10 companies hold cyber security insurance

One more area the Sophos report delves into is cyber security insurance. It found that 84 percent of Canadian organizations have cyber insurance included in their policies, which is slightly above average on a global scale. 62 percent of those with cyber insurance are covered against ransomware attacks, which is about average.

13. Discount car and truck rental suffered a ransomware attack

The BlackFog State of Ransomware in 2021 report details a recent attack on Discount Car and Truck Rental. In February 2021, the DarkSide ransomware gang targeted Discount which is part of the US-based Enterprise group. DarkSide claimed to have stolen 120 GB of banking, corporate, and franchising data from the company.

14. 48,000 malicious files related to COVID-19 have been detected since May 2020

According to a McAfee study of COVID-19-related malicious file detections, Canada has seen 48,266 such incidents since May 2020. This is significant but is nowhere near the number detected in the neighboring US which has observed more than 2.5 million COVID-19 malicious file detections to date.

The McAfee map.
Source: McAfee

15. Canada came in 13th out of 75 countries in terms of its cyber security score

A Comparitech study ranked 75 countries on cyber security by considering over a dozen factors including the frequency of various types of cyber attacks and how prepared a country is to face them. Canada scored well in the study and was ranked in 13th place. The top three countries were Denmark, Sweden, and Ireland, and the bottom three were Tajikistan, Bangladesh, and China.

16. The average cost of a data breach is over $4 million

The IBM Cost of a Data Breach Report 2020 focuses on how much organizations lose when a data breach occurs. The average cost for Canadian organizations is $4.5 million. This puts it behind only the US ($8.64 million) and the Middle East ($6.52 million). The cost of data breaches is growing in Canada with the 2020 figure being 6.5 percent higher than in the previous year.

17. Canada had the lowest portion of breaches resulting from malicious attacks

IBM tells us the cause of data breaches and found that 42 percent of Canadian incidents were the result of malicious attacks. This number was lower than for any other region in study. Organizations in the Middle East were the most likely to find a breach was caused by a malicious attack. Canada did see the largest portion of breaches stemming from system glitches (35 percent). A further 23 percent of incidents were the result of human error.

18. Around a quarter of companies have fully deployed security automation

Another interesting area of the IBM report examined how many companies use full or partially deployed security automation. Canadian organizations are in the top five when it comes to full security automation deployment with 24 percent of organizations falling into this category. A further 38 percent have partially deployed security automation.

19. The average time to identify a breach in Canada is 168 days

One area where Canadian companies shine is identifying and containing breaches. The region ranked the second fastest in terms of breach identification time (168 days compared to Germany’s 128 days) and took 58 days to contain a breach. In contrast, Brazilian companies averaged 265 days to identify and 115 days to contain.

Chart showing times.
Source: IBM

20. Canadians lost over $60 million to online fraud during 2020

The Canadian Anti-Fraud Centre (CAFC) estimated that Canadians lost a total of $107.2 million (CAD) to fraud in 2020. $62.6 million (CAD) of this sum was associated with online fraud. A KPMG spokesperson said in a news release that:

“The reliance on digital platforms and cloud computing has put more sensitive data within the reach of cybercriminals, who are becoming increasingly more adept at accessing or hacking into ‘secure’ customer databases to steal identities.”

21. Extortion is the top type of fraud targeting Canadians

A CAFC report of the top frauds targeting Canadians in 2020 found that extortion was the most common type. There were 17,390 reports of extortion in 2020 and 6,689 victims. The total dollar losses associated with these reports was $12.5 million (CAD). Identity fraud was the second most common type of fraud with 16,970 reports.

22. Romance fraud resulted in $18.5 million in losses in 2020

The same study reveals that romance fraud resulted in higher total losses than any other type of fraud. 620 victims lost a total of $18.5 million (CAD) to romance and dating scams. Investment schemes were second in the list with 428 victims losing $16.5 million(CAD), followed by spear phishing scams which saw 525 victims hand over $14.4 million (CAD).

Table of top fraud types.
Source: CAFC

23. Over 40% of Canadians experienced a cyber security incident at the start of the pandemic

A 2020 report released by Statistics Canada focused on how online habits changed for Canadians in the first six months of the pandemic. It found that 42 percent of Canadians dealt with a cyber security incident during those first several months. These Included phishing attacks, fraud, malware, and hacked accounts. 36 percent of those who reported a cyber incident said they suffered a loss in terms of time, data, or money..

24. More than 1 in 10 received COVID-related phishing emails

During the same six-month period, 34 percent of Canadians experienced a phishing attack. 14 percent of respondents received phishing emails that were related to COVID-19 test results.

25. Last year, 12 percent of organizations had their data published on leak sites

Palo Alto Networks’ Unit 42 Ransomware Threat Report 2021 studied the number of victim organizations that had data published on leaked sites. Of the Canadian companies in its sample, more than one in 10 faced such a situation. This made it the second most impacted company globally, although the US was in a far worse position with 47 percent of organizations seeing their data published on leaked sites.

Table showing numbers of leaked sites.
Source: Palo Alto

26. Over half of organizations have upped security during the pandemic

The 2020 CIRA Cybersecurity Report examined how Canadian companies were responding to issues that have arisen since the start of the pandemic. It found that around 30 percent of organizations have seen a spike in the number of attacks since the pandemic began and that over five percent have responded with new cyber security protections.

27. Dedication of human resources to cyber security is down

Even though companies are responding to the pandemic, fewer organizations in 2020 said that they planned to increase the level of human resources they dedicate to cyber security. Only around one third said they would, compared to 45 percent in 2019.

28. Many organizations didn’t know if they had experienced a breach

CIRA asked organizations if they had dealt with a breach of employee or customer data in the past year. One quarter of organizations said they had, but 38 percent were unable to provide a definitive response.

29. Professional services and ransomware account for the largest portion of cyber security incidents

A 2020 study by Blakes reveals information about Canadian cyber security trends in 2020. It broke down the number of attacks by industry and found that professional services saw the largest portion (24 percent) of attacks. Finance (19 percent), technology (15 percent), health (13 percent), and energy (eight percent) rounded out the top five.

Blakes also broke down the most common types of threats and discovered that ransomware was by far the most frequent, accounting for 35 percent of attacks. Next was business email compromise (24 percent) followed by wire fraud (14 percent).

30. Ontario is the hardest hit region by cyber attacks

Looking at attacks by region, Ontario was the hardest hit. However, this is the largest province in terms of population. In general, results do seem to be relative to population size.

31. Operational disruption is the most common impact of cyber security incidents

So what impacts do cyber security incidents have on organizations? Blakes tells us that operational disruption is the most common (33 percent). This is followed by financial loss (25 percent) and impact on B2B partners (21 percent).

An impact infographic.
Source: Blakes

Blakes found that almost one quarter of companies take more than a month to recover from a cyber security incident.

See also: