Cyber incidents in Canada have seen a sharp rise, tripling in just two years, according to a new report from QBE, a commercial insurer. This increase is linked to various factors, including technological changes, socioeconomic issues, and global tensions like the ongoing war in Ukraine.
The report reveals a significant jump in disruptive cyberattacks. In 2023, there were 10 major incidents, which rose to 18 in 2024, with projections suggesting this number could reach 32 by the end of the year. This alarming trend has not gone unnoticed by businesses across the country. A survey conducted by Opinium for QBE found that 80% of businesses believe cyber threats have increased over the past year.
The findings also show that more than half of Canadian businesses, about 53%, have faced a cyber event in the last 12 months. Notably, 18% of those incidents resulted in a disruption lasting a full working day or longer. Additionally, 51% of cyberattacks led to revenue losses, with 58% of affected businesses reporting that their issues were linked to a supplier.
Kyle Gray, a technical underwriter at QBE, emphasized the importance of looking beyond internal security measures. He noted that as businesses become more interconnected, they must also consider the vulnerabilities of their suppliers to effectively manage risk.
In light of these rising threats, it’s not surprising that 78% of businesses express concern about potential cyber risks in the coming year. Many plan to increase their cybersecurity budgets, with 28% expecting to boost spending beyond inflation and 41% aiming to keep it in line with inflation.
However, a significant number of businesses still lack adequate protections. The report indicates that 25% do not have cyber insurance, and 15% have no incident response plan in place to tackle cyber events.
On another note, Canadian businesses are increasingly adopting artificial intelligence (AI). A striking 94% are either currently using AI or are exploring its use. Most believe that AI will positively impact the economy and their businesses within the next two years.
The research was based on a survey of 400 IT decision-makers from Canadian businesses with 100 to 2,000 employees, conducted between April 10 and April 23, 2025. Cyber events included various types of attacks, such as phishing, malware infections, and data breaches.
As the landscape of cyber threats continues to evolve, businesses must remain vigilant and proactive in their cybersecurity efforts to protect themselves and their customers.