With high-profile security incidents plaguing government websites and energy companies, the latest edition of CIRA’s Cybersecurity Survey has found that Canadian organizations are unprepared to handle and recover from new cyber threats including artificial intelligence (AI). The survey comes as Canada's in-demand security professionals are being advised to adopt a heightened state of vigilance in response to increased global threats.

The annual study found that while most organizations are worried about potential cyber threats from new technology, such as generative AI (68%), few have policies in place to prevent, protect and educate their teams about the nature of these attacks. In fact, only three in 10 (32%) organizations reported having an AI policy in place, despite a rise in automated attacks and data breaches.

As these technologies continue to evolve, so too does the cost of recovering from a cyberattack, which goes beyond financial burden. The survey found that among the organizations that experienced a ransomware attack, 70% paid the ransom demands, and out of those that paid the ransom, 22% paid up to $100,000. Similarly, nearly 30% of organizations experienced a loss of revenue as a result of a cyberattack (up from 17% in 2022), and 24% experienced damage to their reputation.

Other key report highlights

• 68% of organizations are worried about potential cyber threats from generative AI, but only three in 10 (32%) say their organization has an AI policy in place.
• Among the organizations that experienced a ransomware attack, 70% indicated that they paid the ransom demands. Out of those that paid the ransom, 22% paid between $50K - $100K.
• 40% of organizations experienced an employee and/or customer data breach last year (an 11% increase from 2022).
• Most say it took under a month to recover their organization’s IT systems to pre-incident capacity, and just under half (47%) say it took less than a week.
• Nearly 30% of organizations experienced a loss of revenue as a result of a cyberattack (up from 17% in 2022), and one quarter (24%) experienced damage to their reputation.
• Organizations face cyber risks by relying on outdated technology, with 37% of firms report using technology released prior to 2010.