For anyone aspiring to be a cybercriminal, it’s never been easier than it is today. All you need is a laptop, an internet connection and a web browser pointed to one of an ever-expanding list of generative AI chatbots and you’re off to the races.
Want to create a highly sophisticated phishing email that mimics a certain writing style or a specific brand identity? Or maybe a deepfake video to scam victims out of their hard-earned money? Your favourite chatbot can help.
So where does that leave the rest of us as the potential victims of these AI-assisted attacks, which have the potential to be more sophisticated, more damaging and harder to detect than ever? Fortunately, it’s a two-way street.
Hackers aren’t the only ones harnessing the power of generative AI. Businesses, governments and other organizations are increasingly taking advantage of the same technology to boost their efforts to protect their IT infrastructure, employees and customers from online harms.
With AI-powered cybersecurity solutions, organizations can detect and mitigate threats quickly using automation, analyze user behaviour and flag anomalies, and help IT teams stay ahead of AI-assisted attacks.
Despite these efforts, for Canadians and Canadian businesses, cyberattacks and data breaches are a major concern. According to the 2025 Canadian Internet Trends Report, two in ten Canadians say they have been the victim of a cyber attack or a data breach in the past year. Of these, more than half (60 per cent) are the result of a data breach by a company or service used by the victims.
Other causes mentioned by Canadians include giving up their personal information in response to a phishing email or text message (18 per cent), weak or stolen passwords (10 per cent) and malware or a virus infection (10 per cent).
Overall, as Canadians we consider ourselves to be savvy internet users with 61 per cent of us saying we are confident in our ability to detect frauds and scams online. Digital literacy is an important part of the equation, but it’s not realistic to expect that it’s enough to keep us safe one hundred per cent of the time, especially when we regularly entrust our personal data to businesses, governments and other organizations.
As stewards of our data, these organizations have a responsibility to prioritize cybersecurity by continuing to invest in the latest systems, processes and training that will thwart would-be cybercriminals in their efforts to acquire that data and profit from it through illegal means.
Organizations that handle sensitive personal data have a responsibility to adopt a layered approach to cybersecurity. That means securing the network perimeter with modern firewall and intrusion detection systems, hardening endpoints with device-level protections and software patching, and enforcing strong identity and access controls.
But technology alone isn’t enough. Regular training and phishing simulations help ensure that staff—from front-line employees to executives—are equipped with the digital street smarts to recognize and respond to evolving threats. A strong security culture isn’t a one-time investment—it’s an ongoing commitment.
To learn more about how CIRA helps build a safer internet for Canadians, explore our cybersecurity services and training programs.
Dathan is the Director of Product Management for the Cybersecurity & DNS team at CIRA. With over 20 years’ experience in the Cybersecurity and technology space, Dathan is passionate about bringing solutions to the market that solve real world problems. Dathan joined CIRA in the spring of 2025 to help launch new products to help protect Canadian citizens and business from cyberattacks.
