Nearly 9 in 10 companies experienced security incident in past 12 months
For the second year in a row, Canadian organizations are reporting a decline in the number of cyberattacks year-over-year.
However, infection rates remain high, with 86.5% of respondents in 2024 indicating a security incident in the past 12 months.
“The overall attack-to-incident success rate has increased, indicating that cyberattacks are becoming more successful and harder to prevent,” according to the report by CDW Canada.
While the number of cyberattacks and infection rate is declining, the success rate of attacks (incidents resulting from attacks) is increasing, notes CDW Canada.
Specifically, Canadian employers are experiencing 20-25 incidents annually across categories like DoS, infiltration, breaches and cloud incidents.
Cyberattacks are hurting employers and the number of companies falling prey to cybercriminals is rising, according to a recent KPMG report.
With the increasing complexity of cyber attacks, few companies have been able to the strategic security level in their cybersecurity programs, finds CDW Canada’s survey of over 700 IT security, risk and compliance professionals.
Just 9.1% of the respondents have a strategic security approach to cybersecurity, according to the report.
The majority either have minimal or ad hoc cybersecurity processes, or have started aligning with industry standards but face challenges in achieving consistency and scalability across their cybersecurity programs.
Nearly half of security and privacy professionals have admitted that employees' information is entered into GenAI tools despite organizations' privacy concerns, according to a previous report.
With the low level of cybersecurity, Canadian employers are struggling to adopt GenAI, according to CDW Canada.
The study reveals, on average, Canadian organizations conducted 17 GenAI proof-of-concepts (PoC) between 2023 and 2024, yet only 28.2% of these transitioned into full production.
The majority cite common barriers to adoption, including:
The rush to integrate GenAI has highlighted gaps in Canadian organizations’ foundational frameworks. However, this provides a key opportunity for organizations to strategically assess their data governance and compliance capabilities at a moment when the full potential of GenAI is still in its infancy, says CDW Canada.
“The competitive advantages of GenAI are undeniable, but rushing into full-scale adoption without a strong security framework is a risk no organization can afford,” says Ivo Wiens, field CTO, cybersecurity at CDW Canada. “This slowdown isn’t a failure but a necessary step for businesses to address foundational security gaps with thoughtful intent.”
The company notes that companies need to tackle these “foundational challenges” to ensure that AI is “deployed responsibly, securely and at scale”.
“The work being done today to align security, compliance and business objectives will ultimately enable organizations to leverage AI’s full potential while minimizing risk. The delay may be a necessary step toward sustainable AI adoption and a healthier security posture overall.”
Earlier this year, the federal government introduced a new National Cyber Security Strategy aimed at strengthening the country’s digital defenses.
Previously, Ottawa launched the Canadian Artificial Intelligence Safety Institute (CAISI) to bolster Canada’s capacity to address AI safety risks.
