Canadian Cybercrime Statistics & Good Advice to Avoid Attacks

Thanks to Ethan Payne at Broadband Search for researching this article.  You can reach him at

More and more Canadian businesses rely on the internet for their day to day operations. The change is to be expected, and it has significant advantages. However, there are also disadvantages to take into account, not least of which is the increase in reported cybercrime incidents.

Whenever there is a new avenue for it, criminals will find a way to carry out criminal activity. In the case of Canadian businesses, that means targeting them for hacking, data breaches, and general data theft.

With a whopping 92% of businesses in Canada reporting they relied on digital technology, there is a huge potential for cybercrime. Social media and business websites are just a couple of the avenues that can be used to target them. Cloud storage and computing and even smart devices and technology can also be targeted for possible vulnerabilities.

What is cybercrime?

Cybercrime defines any type of crime that is committed via the internet, or with the help of a computer. Contrary to popular belief, cybercrime isn’t just hacking people’s computers. It’s also online bullying, stalking, and scamming users via phishing emails.

All the popular scams you know from back in the 90s – including everyone’s favorite, the Nigerian Prince, fall under the definition of cybercrime. The types that do the most damage, however, are hackings and data breaches that target Canadian businesses.

Many people make the mistake of thinking that only major companies fall victim to this kind of crime, but they couldn’t be more mistaken. Small and medium businesses are particularly vulnerable to this kind of cybercrime, because they are less likely to have a strong security system in place.

Cybercrime is underestimated and under-reported

The problem with cybercrime, besides the fact that it’s so widespread, is that it is vastly underestimated, and thus, under-reported. While 1 in 5 Canadian businesses said that cybersecurity attacks impacted them, very few of them have actually taken steps to report the incidents to the police.

According to 2017 reports, only around 10% of the businesses that suffered as a result of a cyber security attack actually went on to make a police report denouncing the incident.

This is, partly, because of a widespread lack of understanding about how serious this type of crime is. It is also due to a general lack of faith that anything can actually be done to identify or stop these criminals.

Canadian cybercrime statistics

Cybercrime affects a very large number of people every year, in every part of the world. Businesses everywhere fall victim to cyber attacks, but how do Canadian businesses measure up? Here are some important Canadian cybercrime statistics.


The victims of cybercrime are not responsible for the fact that they’ve been targeted. However, there are things that all businesses (and individuals!) can do to mitigate risks. Certain behaviors and practices increase the risk that a business will fall victim to a cyber attack:

  • Failing to use anti-malware/anti-virus software

The first thing a business should take care of, when it comes to security, is to invest in proper software for malware prevention and detection. Not using this measure as a precaution puts your business at increased risk of being attacked by an entity that targets you for the customer data that you have, financial information, or other valuable info.

However, each and every employee and collaborator that has access to potentially compromising information needs to use this kind of protection. Otherwise, you may still be at risk.

  • Not enough control over employee devices

And speaking of employees, they are actually one of the primary risk factors. Ideally, you’d have some control over the devices they use and their behavior, in relation to security. Allowing employees to use work devices for personal reasons is a security risk, as is allowing them to use personal devices for work purposes.

In 2017, an alarming number of businesses (2/3, to be exact), regardless of size, made the mistake of allowing employees to use their own devices for work purposes. This was allowed without first ensuring that there is security software in place in order to protect these devices and the sensitive data on them.

This is especially true for most small businesses (64%), thus reinforcing the bias towards them. Large and medium businesses were better equipped, with only 21% and 46%, respectively, lacking security measures.

If you own a small business, you are at greater risk of becoming a target because of this kind of confirmation bias.

  • Improper data storage

The way you store sensitive and important data can also put you at greater risk for a breach. You see, certain storage methods may seem harmless, but they’re actually the factors of increased risk for your business.

  1. Storing on an unencrypted hard drive

You may think that as long as you keep all your sensitive data on your computer or an external hard drive, you’ll be just fine. But that’s not really true. You see, an unencrypted hard drive is a major risk. Anyone can steal your device or just the hard drive and gain access to all the private information that is on it.

The correct way to protect it is to encrypt it. Thankfully, there is encryption software available that makes the job quick, easy, and relatively painless.

2. Storing on CDs

There is no need to talk about why using CDs and DVDs as storage is antiquated and potentially risky. They are not only prone to deteriorating, but they can easily be stolen, copied, etc. The information on them can be very easily compromised.

3. Storing on a device that is not password-protected

Is there anyone who doesn’t password-protect their device in 2020? If the answer is yes, you’ve got your risk factor, right there. This doesn’t even require hacking or any sophisticated technology to steal important information: you’re basically offering it up on a platter.

4. Storing on web hosting services

Cloud storage is known to be one of the most secure options for data storage. However, even this can put your business at risk. Anytime a business allows a third-party to gain access to sensitive or private information, there is a risk that this data may become compromised. This includes client information, but also financial information.

When using cloud storage, one must still use their own security measures, such as encryption. However, over half of small businesses failed to do so, and even 1/5 of large businesses put themselves at risk in this manner.


Okay, so now we know that a significant number of Canadian businesses are affected by cyberattacks. But let’s talk about the impact and the damage that cybercrime produces.

  • 6% of Canadian businesses claim that their reputation suffered as a result of cyberattacks, while 10% say that their loss included financial impact.
  • Of the businesses that were targeted, just over half report that cyber attacks interfered with normal daily tasks and business. 30% also report that these incidents required additional costs to recover or repair what was damaged.

Cost of prevention

The good news is that preventing cybercrime or protecting your business against it is possible. The bad news is that the cost can be debilitating to small businesses. Almost every business in Canada has invested money in prevention and detection of cybercrime in 2017. $78,000 is the average expenditure of Canadian businesses in order to implement security measures.

Small businesses spend only an average of $44,000, with medium-sized ones spending more than double, at $108,000, and large businesses spending an eye-watering $922,000 in order to protect themselves against cyberattacks and the inevitable data loss that would follow them.

It is especially important for businesses and institutions from certain niches to implement protective measures, as they are more likely to be targeted for theft or ransom. This includes pipeline transportation, universities, and banks.


All in all, cybercrime is becoming quite the problem for individuals, but especially for businesses. A significant percentage of Canadian businesses are targeted by cybercriminals every year. Especially as all businesses are relying on the internet and technology more and more, it is increasingly simple to find weak or vulnerable spots to exploit.

Criminals tend to target small businesses in particular, as their security tends to be weaker, compared to larger businesses. Cybercrime prevention involves quite an investment, and a lot of small businesses cannot afford it.

But it is not only prevention that comes at a cost; cleaning up the aftermath of a cyberattack comes with its own set of costs and drawbacks. Businesses often cannot maintain normal everyday operations, and must spend time and money fixing the issues created by the hack, data breach, etc.


You can also find more information on 2Ascribe’s web site regarding privacy breeches and legislation at


2Ascribe Inc. is a medical transcription services agency located in Toronto, Ontario Canada, providing medical transcription services to physicians, clinics and other healthcare providers across Canada. Our medical transcriptionists take pride in the quality of your transcribed documents. WEBscribe is our client interface portal for document management. 2Ascribe continues to implement and develop technology to assist and improve the transcription process for physicians and other healthcare providers, and recently introduced AUTOfax. AUTOfax works within WEBscribe to automatically send faxes to referring physicians when a document is signed off by the healthcare professional. As a service to our clients and the healthcare industry, 2Ascribe offers articles of interest to physicians and other healthcare professionals, medical transcriptionists and office staff, as well as of general interest. Additional articles may be found at


You might also enjoy

AI Bias

The results created by an AI model can be considered