Cyber Crime Statistics in Canada

Cybercrime is on the rise across the globe, including Canada. Crimes of this nature affect both individuals and businesses throughout the country.  Although there are common features to cyber crime across the world, each country has its unique cybercrime and cyber security landscape.

In global statistics on cybercrime, Canada’s statistics are often viewed together with those from the United States. However, while ransomware, data breaches, phishing attacks, and a range of fraud are all commonplace in both countries, the statistics are by no means identical.

In this article, you will find statistics about how Canadian individuals and businesses are affected by cybercrime.

Cybercrime Statistics for Canadians

• Canada’s cybersecurity score places the country 13th out of 75 countries.
• In the first six months of 2024, over 41,000 cybercrimes were reported in Canada. 
• Over 85 % of Canadian companies were affected by successful cyberattacks in one year.
• Almost 2/3 of Canadian companies expect to be hit with a ransomware attack.
• Over 10 % of Canadian companies hit by ransomware paid the ransom in 2020.
• The average ransomware hit cost Canadian companies about $1.1 million in 2023.
• On average, Canadian companies spent 5–15 % of IT budgets on cyber security.
• 84 % of Canadian companies have insurance policies against cybercrime.
• Only around 40 % of data breaches in Canada are caused by malicious attacks.
• It takes around 241 days on average to identify and contain data breaches.
• The most common types of online fraud in Canada involve investment and romance scams.

Canada ranks in the top fifteen for cybersecurity

Canada ranks fairly well in terms of cybersecurity. In a comparison by Comparitech that included 75 countries and over a dozen factors, Canada’s score placed the country 13th. The factors included how prepared the country is to face cyber attacks and the frequency of cyber attacks.

Denmark, Sweden, and Ireland took the top three spots while China, Bangladesh, and Tajikistan were the bottom three countries.

In a more recent study, as reported by IT World Canada, Canada ranked fifth after the United States. However, only twenty countries were included in this study on cybersecurity. 

A recent report by Statistics Canada revealed that between January and June of 2024, over 41,000 cyber crimes were reported to Canadian police. Most of these violations were fraud, at 56% of the total violation count.

How many Canadian companies are affected by cybercrime each year?

Cyber attacks on companies in Canada remain prevalent, but the pattern of how many businesses are affected has changed in recent years. In 2020, 78 % of Canadian organisations reported experiencing at least one cyber security incident in the past year, and this figure rose to about 86.5 % in 2024 according to industry surveys.

However, official Statistics Canada data show that the proportion of Canadian businesses formally impacted by cyber security incidents declined when measured in terms of incidents reported in the 2023 Canadian Survey of Cyber Security and Cybercrime: about 16 % of businesses were impacted in 2023, down from 18 % in 2021 and 21 % in 2019.

Note the differences in how “experiencing a cyber attack” and “being impacted by a cyber security incident” are defined, both of which are widely monitored in Canada’s cyber threat landscape.

Ransomware Statistics

According to a report by CyberEdge Group, 63 % of organisations were affected by ransomware in 2024, down from earlier peaks in previous years. This represents a continuation of a slight downward trend in ransomware victimisation rates compared with 72 % of Canadian companies reported as affected in 2020 and 61.2 % in 2021 in earlier surveys.

However, another report by Sophos from 2025 indicates that just under 60 % of organisations were hit by ransomware in the most recent 12‑month period, which would suggest a smaller rise in ransomware compared with some earlier figures.

Canadian companies are highly aware of the threat of ransomware, and many say they expect to be targeted in the future. In recent surveys, a large proportion of organisations report anticipating an attack, reflecting ongoing concern about ransomware risk.

Because companies are prepared for ransomware attacks, they have managed to block a significant portion of incidents before data was encrypted, with over a quarter (26 %) of attacks reportedly blocked prior to encryption in earlier data — a figure that remains an important measure of defensive success

How many companies pay ransoms?

Out of the companies that were hit by ransomware in 2020, only 11 % paid the ransom, and internationally Canada was among the countries with one of the lowest percentages of ransoms being paid, with only Italy (6 %) and Spain (4 %) reporting smaller portions. Indian, Swedish, and Philippine companies were the most likely to pay ransoms at 66 %, 50 %, and 32 % respectively.

More recent global ransomware reporting shows that the overall proportion of organisations worldwide that paid a ransom has risen, with nearly 50 % of companies paying the ransom to get their data back in 2025 according to the latest Sophos State of Ransomware survey.

How much does being hit by ransomware cost?

Being hit by ransomware is costly as companies have to deal with the ransom itself (if they decide to pay it) and pay for specialist services. A ransomware attack usually also results in loss of business. The average cost of a ransomware attack for Canadian organisations was reported at about $1.1 million CAD in 2023. 

This compares with global and regional cost estimates that range from the mid‑hundreds of thousands to several million dollars per incident, with some sectors reporting even higher average figures, such as ransom demands averaging $2.73 million. 

Trojan ransomware

When Kaspersky conducted a mobile malware study in 2020, it found that ransomware Trojans were more commonplace in Canada compared to other countries. 0.11% of Canadian users reported seeing these types of attacks, which made Canadians the sixth most likely people to be affected. The most likely countries were the United States, Kazakhstan, Iran, China, and Italy.

However, there have been improvements as by the third quarter of 2021, Canada was no longer in the top ten of the countries most affected by Trojan ransomware. This is either because there is more awareness of cyber security or because the attackers changed targets.

Data Breach Statistics

IBM published a report on the cost of data breaches focusing on how much companies lose when a data breach occurs. The average cost for Canadian organisations was about $6.98 million CAD in 2025, up from $6.32 million in 2024 and $6.94 million in 2023, reflecting a growing financial impact of breaches. Canadian companies still face some of the highest costs in the world when data breaches occur.

However, Canada now has a lower portion of breaches attributed to malicious attacks than some other regions, with many incidents instead linked to other causes such as misconfigurations and system issues in broader studies. While exact percentages for Canada vary by report, this pattern remains consistent with historical findings showing a mix of human error and technical factors alongside cyber‑attack causes.

Although 241 days, which is the current global average time to identify and contain a breach,  might seem long, this is the shortest average breach lifecycle in recent years, with organisations worldwide improving detection and containment times.

Online Fraud in Canada

According to the Canadian Anti‑Fraud Centre and related reporting, Canadians lost an estimated $638 million to fraud in 2024, significantly up from earlier years. Cyber‑enabled fraud accounted for around 75 % of these reported losses, with investment scams among the costliest categories.

Fraud related to people seeking romance and other social‑engineered schemes continues to be common: online investment fraud alone resulted in tens of millions of dollars in losses in 2024, and many of these scams now involve cryptocurrencies and fake profiles on dating and social platforms.

According to recent Canadian survey data, about 70 % of Canadians experienced a cyber‑security incident in 2022 (including unsolicited spam, fraudulent content and other online threats), and fraudulent content such as phishing remains widespread.

Phishing and deceptive emails continue to be the most common online security incident, and in a 2024 TransUnion survey around 54 % of Canadians said they had been targeted by fraud attempts via email, phone or text, with phishing reported as the top scheme type.

More specific rates from the 2022 Canadian Internet Use Survey show that:

• about 60 % of Canadians received unsolicited spam,
• around 40 % received fraudulent content,
• 22 % were redirected to fraudulent websites,
• 11 % saw viruses or malware,
• 8 % experienced hacked accounts, and
• about 6 % reported fraudulent use of identity.

How do Canadian individuals respond to cybercrime?

The most common action against cybercrime among Canadians is to change their password, which is what 34% of people would do if their details were compromised. Only a quarter of Canadians would report the incident to the company or platform through which the incident occurred.

One-fifth of Canadians bought or upgraded their software security package to improve their cyber security while 17% deleted accounts that had been compromised in a cyber security breach. 15% said they pay more attention to terms and conditions before signing up for a platform.

Only 6.1% of people who had experienced cybercrime reported the incident to their internet provider. An even lower portion, at 4.6%, reported the cyber security breach to a government authority. This shows that much more awareness of cyber security is needed in Canada.

How do Canadian companies respond to cybercrime?

Canadian companies attempt to tackle cybercrime by investing in cyber security. However, many companies have had to reduce their IT budgets, including their cyber security budgets, following the pandemic. Canadian survey data for 2024 shows that the most common range organisations devote to cyber security is between 5 % and 15 % of their IT budget.

The majority of Canadian companies put their trust in artificial intelligence or machine learning when tackling cybercrime. 73.5% of companies in Canada use AI or machine learning cybersecurity products.

An IBM report found that 24% of Canadian companies have fully deployed security automation. Another 38% have partially deployed security automation. This places Canada in the top five globally.

Canadian companies are slightly more likely to have cyber security insurance than the global average. 84% of the companies have included cyber insurance in their policies. 62% of the companies that have cyber security insurance are covered against ransomware attacks.

Examples of cybercrime in Canada

• In October 2021, the Toronto Transit Commission was hit with malware that encrypted its data.
• When a third-party supplier of Canada Post was hit with a cyber attack in May 2021, nearly a million postal addresses were breached. In 3% of the cases, email addresses or phone numbers were breached as well.
• Collège Montmorency, which is one of Canada’s well-known colleges, was hit by cybercrime in May 2022. The attack left teachers and students unable to continue lessons. The incident was serious enough to be investigated by the Ministry of Cybersecurity and Digital.
• The Canadian airline Sunwing had a security breach in April 2022, which resulted in thousands of passengers having to cancel travel plans. The cyber attack affected everything from inbound flights being unable to land to check-in processes.
• In 2021, an unauthorized party was able to access Canada Revenue Agency user credentials. As a result, 800,000 taxpayers were locked out of their accounts.
• An attack on the global meat producer JBS in 2021 shut down facilities in Canada as well as in the United States and Australia and resulted in a ransom of $11 million being paid.

Conclusions

Incidents of cybercrime targeting both businesses and individuals are on the rise in Canada as well as globally, and there was a spike in cybercrime during the pandemic. In response, many companies invested in awareness campaigns. Most Canadian companies also have insurance policies that cover them against cybercrime.

As a result of the pandemic, many companies have had to reduce their IT budgets and money spent on cyber security, leaving them more vulnerable to ransomware and data breaches.

Since less than five Canadians are said to report incidents of cybercrime to government authorities, more awareness of cybercrime is needed in Canada.

If you have been targeted in a cybercrime attack in Canada, you should report the incident to your local police station and the Canadian Anti-Fraud Centre.