Skip to main content
  • Cybersecurity

Data breaches at Canadian organizations have nearly doubled since the pandemic: New CIRA survey

By Delphine Avomo Evouna
Communications Specialist

Ottawa, ON – October 5, 2022 – While the world has been struggling with the pandemic for the past two years, IT managers have had an additional challenge on their minds—the growth in cyber attacks. The newly released CIRA Cybersecurity Survey found that three in 10 (29 per cent) experienced a breach of customer and/or employee data last year, nearly doubling from 18 per cent in 2019 before the pandemic began. 

In the annual survey, CIRA asked 500 IT security professionals for their perspectives on the cybersecurity landscape including the evolving nature of cyber threats and the increasing calls for more accountability on data privacy.  As organizations continue to collect more and more sensitive information about employees, suppliers or vendors, only 44 per cent of those who experienced a breach say they informed those affected of the incident.

“The pandemic has raised the cybersecurity stakes for organizations across the country,” said Jon Ferguson, General manager, Cyber DNS, CIRA. “Threats are more common and more sophisticated, and customers are holding brands accountable for mishandling their data. It is our hope that this survey will provide some perspective on the issues and help raise awareness on the problem we are facing.”

From major airlines to rideshare apps and iconic Canadian food chains, protecting stakeholders’ data is an increasing challenge. In the past, these data breaches may have mostly affected large corporations, but now small and medium-sized businesses, school boards, municipalities and organizations of all industries and sizes are impacted.

Given that 15 per cent of organizations reported a loss of customers following a data breach (also double the pre-pandemic level) protecting customer data is no longer just an IT issue, it is also a sales and brand issue.  

The full findings are featured in this year’s survey report.


Key Findings

  • Three-in ten (29 per cent) organizations experienced a breach of customer and/or employee data. Before the pandemic, only 18 per cent said they experienced it—a difference of nearly double.

  • Just over half (55 per cent) characterize their organization as more vulnerable to cyber threats because its employees work remotely.

  • Most IT professionals (82 per cent) indicate that their organization has a cyber incident response plan while six-in-ten organizations have used their plan in the last 12 months.

  • Survey data indicates that 15 per cent of organizations reported a loss of customers following an attack which is double the pre-pandemic level

  • Six in 10 (59 per cent) are concerned about the potential impact of Bill C-27 on their organization. The poll also shows that the private sector is less prepared to implement the new requirements.

  • Most organizations (63 per cent) consider preventing data flows going through foreign countries (data sovereignty) as more important than price when selecting a cybersecurity service vendor.


About CIRA

CIRA manages the .CA top-level domain on behalf of all Canadians. It also develops technologies and services—such as CIRA DNS Firewall and CIRA Canadian Shield—that help support its goal of building a better online Canada. The CIRA team operates one of the fastest-growing country code top-level domains (ccTLD), a high-performance global DNS network, and one of the world’s most advanced back-end registry solutions.