The cyber threat landscape facing Canadian businesses is becoming increasingly complex and severe, with methods like identity theft, scams, fraud, and ransomware affecting a larger proportion of organizations. According to the 2023 Canadian Survey of Cyber Security and Cybercrime (CSCSC), about 1 in 6 (16%) Canadian businesses experienced cybersecurity incidents.
This week, The Canadian Centre for Cyber Security released its National Cyber Threat Assessment 2025-2026 in this context. The report highlights an expanding cyber threat landscape with increasing activities from malicious state and non-state actors. Cybercrime remains a persistent threat to Canadians and all levels of government, with ransomware identified as the top cybercrime threat to Canada’s critical infrastructure.
The CSCSC data shows that identity theft incidents increased by 11 percentage points since 2021. This affects nearly one-third (31%) of impacted businesses. Scams and fraud rose by 6 percentage points, remaining the most common method used in cyber incidents, impacting 50% of affected businesses. Ransomware attacks affected over 1 in 8 (13%) impacted businesses, with the majority of victims not paying the ransom.
State-sponsored cyber threat actors are becoming more aggressive, combining disruptive network attacks with online information campaigns to influence public opinion. The assessment identifies the People’s Republic of China as presenting the most sophisticated and active state cyber threat to Canada. Russia aims to confront and destabilize Canada and its allies, while Iran uses cyber operations to coerce and repress opponents.
The Government of Canada has prioritized cybersecurity in response to these evolving threats. Budget 2024 proposes $917.4 million over five years to enhance intelligence and cyber operations programs. Canada’s updated defence policy announced the Canadian Armed Forces Cyber Command, a joint cyber operations capability between the Communications Security Establishment and the Canadian Armed Forces.
Collective Action
“As we become more connected, the cyber threats we face are evolving,” said Bill Blair, Minister of National Defence. “The National Cyber Threat Assessment 2025-2026 is an important tool to inform and equip our people and organizations.”
Rajiv Gupta, Head of the Canadian Centre for Cyber Security, emphasized collective action. “The threats have remained constant, but the methods and severity have changed. It’s up to all of us to make Canada’s cyberspace safer and more secure,” he said.
The CSCSC also noted that businesses are spending more on recovery from cyber incidents, doubling to $1.2 billion in 2023 from approximately $600 million in 2021. However, spending on prevention and detection rose at a slower pace, suggesting a need for increased focus on proactive measures.
Source: Canadian Centre for Cyber Security releases National Cyber Threat Assessment 2025-2026.
Other News: Coalition Expands Cyber Insurance Offering In Canada(Opens in a new browser tab).
Other News: