Insights from the 2025 State of Cybersecurity in Canada Report
Over the past year, businesses have faced a dramatic surge in cyberattacks, ranging from ransomware paralyzing critical infrastructure to sophisticated AI-driven phishing campaigns. These incidents have inflicted significant financial losses, disrupted essential services and eroded public trust.
Recommended Videos
The newly released “2025 State of Cybersecurity Report” from the Canadian Cybersecurity Network (CCN) indicates that this growing threat landscape underscores an urgent need for transformation – from reactive defense to proactive resilience. Canadian organizations stand at a pivotal moment in their cybersecurity journey.
A wake-up call for Canadian organizations
The findings reveal a stark picture: ransomware attacks have increased by 40 per cent, with health care, energy and education sectors bearing the brunt of disruptions. Misconfigurations in IoT and cloud systems serve as frequent gateways for attackers, exposing systemic vulnerabilities. State-sponsored espionage campaigns further compound the issue, targeting Canadian businesses with increasing sophistication.
Amisha Parikh, vice-president, cyber and intelligence solutions at Mastercard, encapsulates the dual-edged nature of advancing technology: “The advancement in technology is presenting new opportunities, such as smarter ways to pay, greater transparency of payments, faster transaction experience and personalization. But with these new advances, there are new risks to financial institutions, governments and, especially, businesses.”
Robert Falzon, head of engineering at Check Point Software Technologies, says proactive measures are needed to counter these threats. “AI has become a force multiplier, enhancing both attack and defence capabilities. But organizations cannot rely solely on automation; human expertise must guide these tools to ensure they address vulnerabilities effectively.”
This balanced approach is crucial as organizations face the ever-expanding attack surface presented by interconnected technologies, according to the CCN.
Harnessing emerging technologies
The report also underscores the transformative potential of artificial intelligence. While AI revolutionizes fraud detection and incident response, it also empowers attackers to create deepfakes and execute sophisticated phishing campaigns.
Parikh warns, “Now, as they gain access to the latest AI, which can be trained on images and videos of real customers or executives to produce audio and video clips impersonating them, fraudsters have taken this to a whole new level.”
Despite these challenges, she emphasizes the value of proactive measures. “Mastercard is investing in the latest cutting-edge technology to turbocharge its arsenal of capabilities to take the fight to the fraudsters and keep our digital world safe.”
Operational resilience as a priority
Building operational resilience is another crucial element highlighted in the report. To ensure organizations can maintain critical functionality even during disruptions, businesses must adopt real-time, adaptive cybersecurity measures. This includes advancements like Identity Threat Detection and Response (ITDR), which addresses identity-based threats, especially in cloud and hybrid environments.
Gartner, a global research and advisory firm, recognizes ITDR as a cornerstone of effective cybersecurity, while experts in the report stress the importance of continuous monitoring and immediate response mechanisms to mitigate damage from attacks.
Addressing the talent gap is equally critical for Canada’s cybersecurity future, according to the report, which recommends scaling mid-career reskilling programs to tap into underutilized talent pools, such as professionals from declining industries or under represented regions.
Francois Guay, CEO of CCN, notes the importance of this shift: “We must de-urbanize cybersecurity to support a truly national digital economy.”
Collaboration between public and private sectors is also vital to strengthening Canada’s cybersecurity landscape. A framework similar to the U.S. Joint Cyber Defense Collaborative could align government resources with private-sector expertise. Encouraging financial incentives for SMBs to adopt Managed Detection and Response (MDR) services is another practical step to bolster defences and close accessibility gaps.
Brendon Conlon, global client executive at BlueVoyant, notes the challenges posed by globally distributed supply chains. “The real issue isn’t weaknesses within Canadian firms themselves but the distributed nature of their supply chains. You have to persistently monitor vulnerabilities and engage directly with vendors to drive improvements in their security posture.”
Operational resilience must include identifying critical vendors, understanding their role in business operations and implementing robust contingency plans, Conlon says.
Fostering a security culture
Fostering a security-first culture is essential, especially as human error accounts for 82 per cent of breaches, according to a Verizon report. By investing in behaviour-focused training and leadership buy-in, organizations can instill a proactive cybersecurity mindset across their teams.
Parikh reinforces this approach: “In the Canadian Cybersecurity Network’s ‘State of Cybersecurity Report,’ we highlight how Canadian businesses can proactively enhance their defences by embracing generative AI and building a strategic, layered defence. This includes assessing risks, partnering with trusted providers and fostering a resilient security culture.”
Leveraging emerging technologies such as AI-powered anomaly detection can significantly enhance threat identification and mitigation, according to the report; building frameworks to manage risks associated with generative AI and deepfake technologies will be critical as fraudsters continue to exploit these tools with increasing sophistication.
Call to action
The “2025 State of Cybersecurity Report” challenges Canadian leaders to treat cybersecurity not as a mere challenge but as an enabler of growth and innovation. By adopting emerging technologies responsibly, addressing systemic gaps and fostering resilience, Canada can secure its digital future and maintain its competitiveness on the global stage.
As Conlon puts it, “Organizations need to be ready for day two, ensuring they can switch to backup plans and maintain functionality even when a breach occurs.”
This moment requires decisive action to build a secure, thriving digital ecosystem for the future, the report states. According to CCN, by strengthening collaboration, prioritizing education, and leveraging innovation, Canada can transform its digital landscape into one defined by trust, resilience, and opportunity.
Francois Guay is the Chief Executive Officer of the Canadian Cybersecurity Network
