New research from QBE Insurance Group says significant cyber incidents – those they describe as being disruptive, globally significant and successful – have tripled in the past two years in Canada. They jumped from 10 in 2023 to 18 in 2024. The number is expected to reach 32 in 2025, according to the company’s Control Risks Report.
Businesses are receptive to the discussion about cyber risk: 80 per cent say cyber events have increased in Canada over the past year; 53 per cent have experienced a cyber event in the past 12 months, with 18 per cent saying the event resulted in an interruption of one working day or more. Of the 400 Canadian businesses surveyed (survey respondents each have between 100 and 2,000 employees), 35 per cent experienced a cyber event where the disruption lasted less than one working day.
They continue, saying 51 per cent of cyber attacks in Canada resulted in a loss of revenue. A notable 58 per cent of attacks were related to companies’ suppliers. “If they forget to look at their suppliers’ vulnerabilities, they will remain exposed. Risk management will need to look at their entire IT supply chain with focus on their critical suppliers,” says Kyle Gray, QBE technical underwriter and cyber team lead.
Among those surveyed, 28 per cent anticipate increasing their cyber security budget beyond inflation while 41 per cent said their budgets would increase in line with inflation in the coming 12 months.
A notable 25 per cent of the businesses surveyed do not have cyber insurance, despite the fact that 71 per cent are using artificial intelligence and 18 per cent say this will expose them to more cyber risks in the future.
