Ottawa, ON – October 3, 2023 – With high-profile security incidents plaguing government websites and energy companies, the latest edition of CIRA’s Cybersecurity Survey has found that Canadian organizations are unprepared to handle and recover from new cyber threats including artificial intelligence (AI). The survey comes as Canada’s in-demand security professionals are being advised to adopt a heightened state of vigilance in response to increased global threats.
The annual study found that while most organizations are worried about potential cyber threats from new technology, such as generative AI (68 per cent), few have policies in place to prevent, protect and educate their teams about the nature of these attacks. In fact, only three in 10 (32 per cent) organizations reported having an AI policy in place, despite a rise in automated attacks and data breaches.
“With new technology we often see bad actors adopt early, before businesses have new defence strategies in place,” said Jon Ferguson, General Manager, Cybersecurity & DNS, CIRA. “In the hands of criminals, AI can supercharge efforts to trick employees and exploit vulnerabilities in a company’s digital infrastructure. It’s no secret that most organizations struggle to adapt to new technology, and today’s results suggest that Canadian firms still have work to do to prepare for the threats posed by AI.”
As these technologies continue to evolve, so too does the cost of recovering from a cyber attack, which goes far beyond financial burden. The survey found that among the organizations that experienced a ransomware attack, 70 per cent paid the ransom demands, and out of those that paid the ransom, nearly one quarter (22 per cent) paid up to $100,000. Similarly, nearly 30 per cent of organizations experienced a loss of revenue as a result of a cyber attack (up from 17 percent in 2022), and one quarter (24 per cent) experienced damage to their reputation.
The full findings are featured in this year’s survey report.
- Almost seven in 10 (68 per cent) organizations are worried about potential cyber threats from generative AI, but only three in 10 (32 per cent) say their organization has an AI policy in place.
- Among the organizations that experienced a ransomware attack, 70 per cent indicated that they paid the ransom demands. Out of those that paid the ransom, nearly one quarter (22 per cent) paid between $50K – $100K.
- 40 per cent of organizations experienced an employee and/or customer data breach last year (an 11 per cent increase from 2022).
- Most say it took under a month to recover their organization’s IT systems to pre-incident capacity, and just under half (47 per cent) say it took less than a week.
- Nearly 30 per cent of organizations experienced a loss of revenue as a result of a cyber attack (up from 17 per cent in 2022), and one quarter (24 per cent) experienced damage to their reputation.
- Organizations face cyber risks by relying on outdated technology, with over one-third (37 per cent) of firms report using technology released prior to 2010.
CIRA manages the .CA top-level domain on behalf of all Canadians. It also develops technologies and services—such as CIRA DNS Firewall and CIRA Canadian Shield—that help support its goal of building a better online Canada. The CIRA team operates one of the fastest-growing country code top-level domains (ccTLD), a high-performance global DNS network, and one of the world’s most advanced back-end registry solutions.
Delphine Avomo Evouna
Communications Specialist, CIRA