A new report from Statistics Canada, entitled Impact of cybercrime on Canadian businesses, 2023, has found that cybercrime targeting businesses declined in 2023 while cyber incidents against individuals have climbed since 2018. It also found that total spending on recovery from cyber security incidents doubled from 2021.

“Since 2017, the Canadian Survey of Cyber Security and Cybercrime has collected data on the policies and measures put in place by Canadian businesses to manage cyber security and investigated how cyber security incidents impact their operations,” the researchers write. They add that 16 per cent of Canadian businesses were impacted by cyber security incidents in 2023. “The proportion of businesses impacted by cyber security incidents has been declining since 2019, with 21 per cent of businesses being impacted that year and 18 per cent in 2021.” In contrast, individuals over 15 report rising incidents: 70 per cent experienced a cyber security incident in 2022, up from 58 per cent in 2020 and 52 per cent in 2018.

Ransomware attacks 

Large businesses reported the largest drop in 2023 but remained the most likely to be impacted, they add. They also add that certain methods of attack, including identity theft, scams and fraud, were significantly more prevalent; 13 per cent of companies also reported experiencing a ransomware attack during the study period, up from 11 per cent in 2021.

Total spending on recovery from cyber incidents increased in 2023, doubling from $600-million in 2021 to $1.2-billion in 2023. “Although a lower percentage of businesses fell victim to cyber security incidents, the financial consequences of being hit by incidents are becoming more severe,” they write.

In contrast to recovery spending, total spending on prevention and detection rose at a slower pace to $11-billion in 2023, up from $9.7-billion in 2021. Just over one in four Canadian businesses report having written cyber policies in place in 2023.