Canadian IT leaders are mobilizing to counter a new wave of AI-driven cyberattacks

Generative AI is not a passing fad. Unlike earlier technologies, generative AI is increasingly autonomous and, as many note, has the potential to make “…make significant contributions to the future of technology and society as a whole.”

However, with rapid progress comes a new wave of threats. Generative AI has ushered in an era of sophisticated cyberattacks that are easier, faster, and cheaper to execute, posing risks to Canadians across every sector.

To better understand these challenges, in 2025, CIRA surveyed 500 IT professionals across a variety sectors Canada. The results paint a clear picture: cybersecurity professionals are taking AI-driven threats seriously and are actively adapting their defenses.

A growing wave of sophisticated threats

 Cyberattacks are not slowing down. According to the 2025 survey, more than four in ten Canadian organizations (43%) say they have experienced a cyberattack in the past 12 months, whether attempted or successful. Compounding this problem is ransomware. Nearly one-quarter (24%) of organizations reported being successfully targeted, and almost three-quarters (74%) of those ended up paying the ransom.

Against this backdrop is the rise of cyberattacks driven by generative AI. Generative AI–enabled cyberattacks differ from traditional ones by being more scalable, personalized, adaptive, and convincing, allowing attackers to automate sophisticated tactics that were once manual and easier to detect. A recent incident highlighted the severity of these AI-driven threats. In 2025, hackers weaponized Anthropic’s Claude to infiltrate at least 17 organizations and help North Korean operatives secure remote tech jobs at Fortune 500 companies, enabling large-scale data theft and extortion

This not going unnoticed by Canadians. The survey shows that seven in ten organizations (70%) indicate that they are worried about AI-enabled cyber threats. Among cybersecurity professionals, the biggest concerns are:

• Data gathered by AI tools (65%)
• Improved phishing emails and texts (61%)
• Deepfake images and videos (52%)
• Deepfake voices used in vishing scams (40%)

When asked about specific AI-powered threats, organizations point to AI-enabled cyberattacks (54%), privacy breaches (52%), and data poisoning (48%) as top worries.

Fighting fire with fire

In response to these new threats, Canadian organizations are getting prepared, bolstering their security posture to defend against all types of cyber threats. More than three quarters (78%) have allocated more money to IT systems management and cybersecurity in the past 12 months, while a similar share (74%) are investing in the human resources focused on cybersecurity.

In the spirit of fighting “fire with fire”, many cybersecurity professionals are integrating AI into their own security strategies. Almost two-thirds (65%) say their organization has begun integrating AI tools into its workflows and operations, up sharply from 44% in 2023. The most common reasons cited are to enhance data analytics capabilities (60%), improve general productivity (57%), automate repetitive tasks (51%), and enhance security practices (44%).

Among those who have not yet integrated AI tools into their workflows, 34% say their organization is planning to do so.

A seismic shift

Canadian cybersecurity professionals can no longer remain passive as AI-driven threats reshape the tactics of both attackers and defenders. Cybercriminals and state actors no longer need vast resources to infiltrate systems. Generative AI has lowered the barrier to entry, making it easier to target Canadian organizations.

Fortunately, many organizations are responding decisively. They are strengthening their defenses, training their staff, and adopting the same advanced technologies that adversaries are using.

All in all, the message is clear: AI is transforming cybersecurity, and Canadian organizations are moving fast to keep pace.