Criminal activity in the cyber world is spreading at a rapid rate. Criminals have found an opportunity during the current COVID-19 crisis to ramp up their game and take advantage of vulnerabilities. Regardless of industry, every organization is at a higher risk of becoming the next victim. Whether it's about protecting critical infrastructure and operations or personal information, or both, the impact of cyber-attacks should not be underestimated. Surprisingly, however, few companies have in place the internal cybersecurity policies and plans that are crucial to combating this rampant threat.
To help our clients have a clearer understanding of the risks, we recently launched our inaugural Canadian Cybersecurity Trends Study on the latest trends and issues related to cyber incidents. Below are five key findings from the study that all organizations should be aware of.
- Although anyone can be a target, cyber criminals appear to be focusing on organizations that store sensitive data, such as financial, health and professional services firms. Critical infrastructure is also at higher risk since an attack of this nature could lead to a widespread shut down of vital operations.
- Ransomware (35%) and business email compromise (24%) continue to be the biggest risk to organizations. A threat to publish the victim's data is often used to leverage a ransom payment, with more than 53% of targeted organizations opting to pay the ransom.
- Operational disruption (33%), financial loss (25%) and impact on relationships with customers and business partners (21%) continue to be a major source of angst for organizations. Despite this, statistics indicate that only 41% of publicly listed companies have a policy addressing cybersecurity, and even fewer (10%) have specific cyber insurance.
- The ongoing challenge with cyber incidents is that the technology and techniques employed by cyber criminals continue to evolve. Regardless of ongoing efforts to be proactive and prevent or minimize cyber incidents, the stark reality is that cyber criminals continue to innovate.
- Though slow moving, cyber-related litigation is ramping up. Since 2012, there have been a number of privacy class actions certified in Canada, particularly in Ontario, British Columbia, Alberta and Quebec. It's expected that claims against both organizations and their representatives, potentially including directors and officers, will continue to increase.
For permission to reprint articles, please contact the bulletin@blakes.com Marketing Department.
© 2025 Blake, Cassels & Graydon LLP.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
