Cybercrime is on the rise across the globe, including Canada and it affects both individuals and businesses. Although there are common features to cyber crime across the world, each country has its unique cybercrime and cyber security landscape.

In global statistics on cybercrime, Canada’s statistics are often viewed together with those from the United States. However, while ransomware, data breaches, phishing attacks, and a range of fraud are all commonplace in both countries, the statistics are by no means identical.

In this article, you will find statistics about how Canadian individuals and businesses are affected by cybercrime.

Cybercrime Statistics for Canadians

  • Canada’s cybersecurity score places the country 13th out of 75 countries.
  • 2% of Canadian organisations were affected by ransomware in 2021.
  • Over 85% of Canadian companies were affected by successful cyberattacks in one year.
  • 65% of Canadian companies expect to be hit with a ransomware attack.
  • 11% of Canadian companies hit by ransomware paid the ransom.
  • The average ransomware hit cost Canadian companies almost $2 million to remedy.
  • Canadian companies spent on average 11.1% of the IT budget on cybersecurity in 2021.
  • 84% of Canadian companies have insurance policies against cybercrime.
  • The average cost of a data breach in Canada is $5.4.
  • Only 42% of data breaches in Canada are caused by malicious attacks.
  • It takes around 168 days on average to identify data breaches in Canada.
  • In 2021, Canadians lost around $100 million to online fraud.
  • The most common types of online fraud in Canada involve investment and romance.
  • 42% of Canadians had to deal with a cyber security issue during the first six months of the pandemic and 34% received phishing emails during the same period.
  • Over half of Canadians have experienced cybercrime at least once.
  • 2% of Canadians have had their identities stolen.

Canada ranks in the top fifteen for cybersecurity

Canada ranks fairly well in terms of cybersecurity. In a comparison by Comparitech that included 75 countries and over a dozen factors, Canada’s score placed the country 13th. The factors included how prepared the country is to face cyber attacks and the frequency of cyber attacks.

Denmark, Sweden, and Ireland took the top three spots while China, Bangladesh, and Tajikistan were the bottom three countries.

In a more recent study, as reported by IT World Canada, Canada ranked fifth after the United States. However, only twenty countries were included in this study on cybersecurity. 

How many Canadian companies are affected by cybercrime each year?

Cyber attacks on companies in Canada are on the rise. 78% of Canadian companies experienced at least one cyber attack in 2020. The following year, cyber attacks affected 85.7% of Canadian companies.

This represents a 7.7 percent rise in the attacks in a year and places Canada not far behind the worst affected country Columbia, which had the highest rise at 8.2 percent.

Ransomware Statistics

According to a report by CyberEdge Group from 2020, 72% of Canadian companies were affected by ransomware in 2020. In 2021, this figure dropped to 61.2% of all organizations. This reduction improved Canada’s global ranking, and it has moved from 3rd place to 11th place in 2021.

However, another report by Sophos State from 2021 indicates that only 39% of Canadian businesses had to deal with ransomware in 2020. Which would mean there was over a 20% rise in ransomware year on year.

Canadian companies are highly aware of potentially being hit by ransomware and 65% of them say they expect a ransomware attack in the future. Because the companies are prepared for ransomware attacks, they managed to block over a quarter (26%) of the attacks in 2020 before any data was encrypted.

How many companies pay ransoms?

Out of the companies that were hit by ransomware in 2020, only 11% paid the ransom. Internationally, Canada had one of the lowest percentages of ransoms being paid. Only Italy (6%) and Spain (4%) had smaller portions. Indian, Swedish, and Philippine companies were the most likely to pay ransoms at 66%, 50%, and 32% respectively.

How much does being hit by ransomware cost?

Being hit by ransomware is costly as companies have to deal with the ransom itself (if they decide to pay it) and pay for specialist services. A ransomware attack usually also results in loss of business. The average cost for Canadian companies is $1.92 million compared to the global average of $1.85 million. However, it is a small amount compared to the Austrian average of $7.5 million.

Trojan ransomware

When Kaspersky conducted a mobile malware study in 2020, it found that ransomware Trojans were more commonplace in Canada compared to other countries. 0.11% of Canadian users reported seeing these types of attacks, which made Canadians the sixth most likely people to be affected. The most likely countries were the United States, Kazakhstan, Iran, China, and Italy.

However, there have been improvements as by the third quarter of 2021, Canada was no longer in the top ten of the countries most affected by Trojan ransomware. This is either because there is more awareness of cyber security or because the attackers changed targets.

Data Breach Statistics

IBM published a report on the cost of data breaches in 2021 focusing on how much companies lose when a data breach occurs. The average cost in Canada was $5.4 million in 2021, compared to $4.5 million in 2020. Globally, Canadian companies face the third highest costs when data breaches occur in the United States and Middle Eastern countries.

However, Canada had the lowest portion of breaches that resulted from malicious attacks. Only 42% of data breaches were from cyber attacks. 35% of the breaches were caused by glitches in the system and 23% were down to human errors.

Although 168 days does not sound fast, Canada is the second fastest country to identify data breaches. The only country faster was Germany where it takes companies around 128 days to identify a breach. Once identified, it takes Canadian companies 58 days on average to contain the breach.

Online Fraud in Canada

According to the Canadian Anti-Fraud Centre, Canadians lost an estimated $230 million to fraud in 2021. Over $100 million was associated with online fraud. The most common online fraud was investment fraud, with an estimated cost of $70 million. Online investment fraud increasingly involves cryptocurrencies.

Fraud related to people seeking romance was the second most common type of online fraud with losses of around $40 million. The money was lost through dating scams and was twice as much in 2021 than in the year before.

According to the Canadian Internet Use survey, 57.3% of Canadians have experienced at least one online security incident. The most common type was phishing emails and text messages, with 48% of respondents reporting they had received suspicious emails. It is estimated that 91% of all cyber attacks begin with fraudulent emails.

18.7% of respondents had been redirected to fraudulent websites and 11.4% said they had experienced viruses and malware. 5.7% of Canadians have had their accounts hacked and 4.5% have been a target of cyber-ransom. Currently, cases of stolen identity are still rare in Canada with only 2% of the respondents having been victims of identity theft.

Phishing attacks are a common way to target companies, too, with 58% saying they have received phishing emails. The other two most common fraud attempts companies face include malware at 45% and network scanning at 20%.

How did the Covid-19 pandemic affect cybercrime in Canada?

The global pandemic saw more people shopping and conducting their business online. According to a report from 2020 by Statistics Canada, 42% of Canadians dealt with a cyber security incident in the first six months of the pandemic. The incidents included malware, fraud, hacked accounts, and phishing attacks. 36% of those who reported a cyber incident lost time, money, or data as a result.

There were nearly 20,000 incidents of malicious COVID-19-related file detections in Canada between December 2020 and January 2022, according to McAfee. It is a significant number but pales in comparison with the over 11 million detections in the United States.

Canadians experienced a rise in phishing emails during the pandemic. 34% of Canadians experienced a phishing attack and 14% received Covid-19-related phishing emails during the first six months of the pandemic.

Canadian companies also saw a spike in attacks since the start of the pandemic. In response to the rising number of cyber attacks, over 50% of companies launched new cyber security awareness campaigns.

How do Canadian individuals respond to cybercrime?

The most common action against cybercrime among Canadians is to change their password, which is what 34% of people would do if their details were compromised. Only a quarter of Canadians would report the incident to the company or platform through which the incident occurred.

One-fifth of Canadians bought or upgraded their software security package to improve their cyber security while 17% deleted accounts that had been compromised in a cyber security breach. 15% said they pay more attention to terms and conditions before signing up for a platform.

Only 6.1% of people who had experienced cybercrime reported the incident to their internet provider. An even lower portion, at 4.6%, reported the cyber security breach to a government authority. This shows that much more awareness of cyber security is needed in Canada.

How do Canadian companies respond to cybercrime?

Canadian companies attempt to tackle cybercrime by investing in cyber security. However, many companies have had to reduce their IT budgets, including their cyber security budgets, following the pandemic. In 2020 Canadian companies spent 12.1% of their annual IT budget on cyber security. In 2021, this figure had fallen to 11.1%.

The majority of Canadian companies put their trust in artificial intelligence or machine learning when tackling cybercrime. 73.5% of companies in Canada use AI or machine learning cybersecurity products.

An IBM report found that 24% of Canadian companies have fully deployed security automation. Another 38% have partially deployed security automation. This places Canada in the top five globally.

Canadian companies are slightly more likely to have cyber security insurance than the global average. 84% of the companies have included cyber insurance in their policies. 62% of the companies that have cyber security insurance are covered against ransomware attacks.

Examples of cybercrime in Canada

  • In October 2021, the Toronto Transit Commission was hit with malware that encrypted its data.
  • When a third-party supplier of Canada Post was hit with a cyber attack in May 2021, nearly a million postal addresses were breached. In 3% of the cases, email addresses or phone numbers were breached as well.
  • Collège Montmorency, which is one of Canada’s well-known colleges, was hit by cybercrime in May 2022. The attack left teachers and students unable to continue lessons. The incident was serious enough to be investigated by the Ministry of Cybersecurity and Digital.
  • The Canadian airline Sunwing had a security breach in April 2022, which resulted in thousands of passengers having to cancel travel plans. The cyber attack affected everything from inbound flights being unable to land to check-in processes.
  • In 2021, an unauthorized party was able to access Canada Revenue Agency user credentials. As a result, 800,000 taxpayers were locked out of their accounts.
  • An attack on the global meat producer JBS in 2021 shut down facilities in Canada as well as in the United States and Australia and resulted in a ransom of $11 million being paid.

Conclusions

Incidents of cybercrime targeting both businesses and individuals are on the rise in Canada as well as globally, and there was a spike in cybercrime during the pandemic. In response, many companies invested in awareness campaigns. Most Canadian companies also have insurance policies that cover them against cybercrime.

As a result of the pandemic, many companies have had to reduce their IT budgets and money spent on cyber security, leaving them more vulnerable to ransomware and data breaches.

Since less than five Canadians are said to report incidents of cybercrime to government authorities, more awareness of cybercrime is needed in Canada.

If you have been targeted in a cybercrime attack in Canada, you should report the incident to your local police station and the Canadian Anti-Fraud Centre.

Frequently Asked Questions

78% of Canadian companies experienced at least one cyber attack in 2020. The following year, cyber attacks affected 85.7% of Canadian companies.

Canadian companies attempt to tackle cyber crime by investing in cyber security. In 2020 Canadian companies spent 12.1% of their annual IT budget on cyber security. 

Canada ranks fairly well in terms of cyber security. In a comparison by Comparitech that included 75 countries and over a dozen factors, Canada’s score placed it 13th.

The most common action against cyber crime among Canadians is to change their password, which is what 34% of people would do if their details were compromised. One-fifth of Canadians bought or upgraded their software security package to improve their cyber security while 17% deleted accounts that had been compromised in a cyber security breach. 15% said they pay more attention to terms and conditions before signing up for a platform.

According to a report from 2020 by Statistics Canada, 42% of Canadians dealt with a cyber security incident in the first six months of the pandemic. The incidents included malware, fraud, hacked accounts, and phishing attacks. 36% of those who reported a cyber crime incident lost time, money, or data as a result.