Over the last few months, there has been a slew of high-profile cyberattacks against big Canadian retailers and critical infrastructure systems. Significant cyber incidents in Canada have tripled since 2023, according to the most recent updates from QBE Canada’s Control Risks Report. Let’s examine how prevalent cyberattacks have become for Canadian businesses and why rising cyberattacks can significantly affect the safety of your business and your customers.
Increases In Cyber Attacks: It’s a Matter of Trust
As many business owners know, trust is hard-earned and easily lost. Many Canadian organizations have been learning this lesson the hard way as a result of increased cybercrimes. In 2025 alone, 53% of Canadian businesses reported experiencing a cyberattack, and 18% suffered disruptions lasting at least one full business day.
The reports of reputational damage increased exponentially over the past decade, and it is not going to improve any time soon. “As technology interdependencies grow, we expect more cyber incidents to disrupt many companies in a single attack, meaning businesses are more likely to experience a disruptive cyber event,” the report reads.
The average cost of reported ransom payments in Canada is around $1.13 million, which is a substantial increase from previous years. However, there is also the cost of having to take your entire system offline to prevent any spread. Getting it back up and running can be very costly, both in terms of hiring technical experts and keeping your business offline for days or weeks. And if you are a business with clients, there will be a cost in terms of relationships and rebuilding trust.
Online Risks Are Growing. Keep Your Business Data Safe.
Shield your operations today — get your free cyber insurance quote!
What Are Drivers of Growing Cyber Threats?
As the world goes digital and more crime plays out in cyberspace, the threat will only increase over the next two years. This is from Sami Khoury, the head of the Canadian Centre for Cyber Security and author of a new report that details a rise in both financially and geopolitically motivated attacks. The leading causes of this widespread global phenomenon are:
Geopolitics
Experts have reported an increase in geopolitically motivated attacks in the last three or so years. A new report by QBE Canada finds cyber actors have become more intent on attempting to disrupt critical national infrastructure. “As technology interdependencies grow, we expect more cyber incidents to disrupt many companies in a single attack, meaning businesses are more likely to experience a disruptive cyber event,” the report reads.
Ransomware
Most criminals today steal information from a company and then demand payment to give that information back. Contributing to the number of total global cyber-attacks, ransomware attacks have been increasing annually, and this trend isn’t slowing anytime soon, QBE reports. Total global ransomware events in 2024 are expected to reach 4,800 by the end of this year.
28% of Canadian businesses impacted by cyber security incidents reported incidents to police services in 2024, up 15% from 2023.
Third-Party Threats
Cyber threat vulnerability not only stems from within. Supply chains, products, or partnerships with other businesses can also provide access to a business’s sensitive information.
Technological Advancements
Cybercriminals are using artificial intelligence (AI) to enhance their attacks. This is not just to help write better phishing emails and texts, but also to write code for malware. “As AI becomes more readily accessible and large language models (LLMs) proliferate, lower-capability threat actors like cybercriminals and cyber activists will be able to launch larger attacks more quickly,” the report reads. Organizations are most concerned about data gathered by AI tools (61 percent) and improved phishing emails and texts (56 percent).
Cybercriminals are using artificial intelligence (AI) to enhance their attacks, not just to help write better phishing emails, but also to write code for malware. “As AI becomes more readily accessible and large language models (LLMs) proliferate, lower-capability threat actors like cybercriminals and cyber activists will be able to launch larger attacks more quickly,” the report reads.
Thinking That Size Matters
It doesn’t matter if you’re the zoo, a bank, or a small ‘mom and pop’ business—if cybercriminals find a weak spot, they will exploit it. Almost always, these weak spots are based on a failure to update. Whether it’s an iPhone or a corporate server, the update notifications you receive aren’t just about increasing functionality; they’re about closing vulnerabilities.
How to Get Ahead of the Next Wave of Cyberattacks
So, how can you stay ahead of the next wave of cyber actors working in the shadows? Going forward, companies are being encouraged by experts to get ahead of these threats into 2025. How? By speaking to their brokers or insurers, updating their incident response plans, and identifying any weaknesses in their current tech stack or supply chain.
While the statistics are alarming, it is thought that many incidents of cybercrime are going unreported. Among the businesses impacted by cyber-attacks, many did not report all incidents to police services. The primary reasons given for not reporting were:
- The incidents were resolved internally (55%).
- Many were too minor (35%).
- They were resolved through information technology consultants or contractors (31%).
Increases in Cyber-Attacks: Measures Worth Considering
In light of the financial and reputational impacts on their organizations, several measures are being considered:
Bill-C26
The latest edition of CIRA’s annual Cybersecurity Survey finds strong support (77% of respondents) for government legislation like Bill C-26, An Act Respecting Cyber Security, to shape cybersecurity in Canada. Despite organizations claiming they typically pay $25,000 to $100,000 in ransomware, three-quarters (74 percent) support legislation that prohibits ransom payments. Limiting increases in cyber-attacks may be accomplished if cybercriminals can no longer be guaranteed a payout. Whether this helps curb attacks or simply brings about more skilled cyber actors to hack organizations remains to be seen.
Cyber Security Insurance
Due to the meteoric rise of cybercrime, many organizations are seeking cybersecurity insurance. More than 8 in 10 (82%) organizations have cybersecurity insurance coverage. In response, leading insurance providers have implemented more restrictive measures. Most organizations with a policy indicate that their provider has changed their coverage. These changes include:
- Verification of current security measures (39%).
- An increase in premiums (38%).
- Changes in eligibility criteria for obtaining/renewing coverage (37%).
- Reduction in reimbursement amounts for ransomware attacks (30%).
Artificial Intelligence (AI): The Double-Edged Sword
On the topic of AI, a staggering 70% of organizations are concerned about potential cyber threats stemming from AI. Data from AI tools and the proliferation of improved phishing emails and texts were of particular concern. Coincidentally, more than half of the organizations (57%) surveyed have integrated AI into their workflows and operations. Although AI poses a considerable threat to their business operations, the same companies impacted by attacks recognize the advantages that AI brings to cybersecurity.
According to the most recently collected data, just over 4-in-10 (43%) respondents say their organization made changes to its cybersecurity approach in response to news about major cyber-attacks.
Being Aware
Now, cybersecurity is more critical for your business than ever. By implementing strategies and measures to safeguard your computers and the important data they store, you help ensure your personal information is safe from those with malicious intent. Just as you wouldn’t leave your wallet in the open for thieves, you shouldn’t keep your computer’s personal information open to hackers. It’s important to know about cybersecurity best practices to protect your business heading into the new year. Updating software regularly, practicing good password management, and being vigilantly mindful of when and where you click will help ensure cyber safety for you and your customers.
Read our article to learn more about cyber security best practices for your business.
Increases in cyber attacks: A conclusion
At the end of the day, staying safe and secure on the internet is no easy task. You can mitigate increases in cyberattacks with up-to-date cybersecurity best practices. They can offer you peace of mind and keep you and your business safe and secure. If you have any questions regarding cyber liability insurance, contact us today or request a quote.
As technology and computers continue to become more advanced, so Read more
Major cyber attacks and security breaches have made headlines in Read more
By ensuring safe cybersecurity best practices, you can rest easy Read more
