Skip to main content
Canada’s most-awarded newsroom for a reason
Enjoy unlimited digital access
$1.99
per week
for 24 weeks
Canada’s most-awarded newsroom for a reason
$1.99
per week
for 24 weeks
// //

The average cost of a data breach in Canada hit a record high last year as companies grappled with new cybersecurity risks during the COVID-19 pandemic.

According to a new report from IBM Security, the average cost of a data breach in Canada was $6.75-million per incident in the 2021 survey year. That’s up from $6.35-million the year before and the highest since IBM first included Canada in its survey seven years ago. It’s also higher than the 2021 global average of US$4.24-million ($5.34-million), which in itself is a 10 per cent increase from the prior year and the highest global average in the survey’s 17-year history.

The study suggests cybersecurity efforts may have lagged behind as companies were forced to rapidly adapt to remote work during the pandemic, said IBM Security associate partner Ray Boisvert.

Story continues below advertisement

“This to me is a wake-up call,” Boisvert said, adding companies reported data breaches last year that were not only costly, but also hard to contain. For example, companies surveyed reported a mean time of 164 days to identify they had a breach and 60 days to contain it, one week longer than the prior year’s report.

According to the study, data breaches cost $1-million more on average when remote work was indicated as a factor in the event.

“There was certainly a strong link to remote work,” Boisvert said. “We’re now living in a perimeter-less environment … and trying to defend a multiplicity of inputs becomes very difficult.”

Charles Finlay, executive director of the Rogers Cybersecure Catalyst at Ryerson University, said the sheer volume of varying devices and network connections used by remote workers during the pandemic posed a cybersecurity threat.

“Employees are working from home using insecure Internet networks and computers, and the kind of security measures that would be imposed in a corporate environment in a workplace just are not always present,” Finlay said.

He added that a crisis like the global pandemic can also be easily exploited by cybercriminals – for example, through a phishing e-mail that poses as official health advice.

“We know that fake websites have been set up purporting to provide information on COVID-19,” Finlay said. “So COVID-19 has provided a lot of opportunity, unfortunately, for malicious attackers and cybersecurity. I’m not surprised by IBM’s findings.”

Story continues below advertisement

The survey found nearly half (44 per cent) of the breaches analyzed exposed customer personal data, such as names, emails, passwords, or even health care data. It found compromised user credentials (such as stolen passwords) were the most common method used as an entry point by attackers, representing 20 per cent of breaches studied.

Ransomware attacks are also growing increasingly common, said Finlay, pointing to high-profile incidents so far in 2021 like the Russian-linked cyberattacks on Colonial Pipeline and JBS Foods.

“When I look back at the last year, the most serious development that I see is around the increasingly serious ransomware attacks, in particular around critical infrastructure,” Finlay said. “Ransomware is exploding as a major international security problem. It is a multi-billion global industry.”

The IBM survey analyzed real-world data breaches experienced by 500 organizations worldwide (26 in Canada) between May 2020 and March 2021. It factored in costs to companies ranging from legal, regulatory and technical responses in the event of a cyberattack to loss of brand equity, customers, and employee productivity.

Your time is valuable. Have the Top Business Headlines newsletter conveniently delivered to your inbox in the morning or evening. Sign up today.

Your Globe

Build your personal news feed

  1. Follow topics and authors relevant to your reading interests.
  2. Check your Following feed daily, and never miss an article. Access your Following feed from your account menu at the top right corner of every page.

Follow topics related to this article:

View more suggestions in Following Read more about following topics and authors
Report an error
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

If you do not see your comment posted immediately, it is being reviewed by the moderation team and may appear shortly, generally within an hour.

We aim to have all comments reviewed in a timely manner.

Comments that violate our community guidelines will not be posted.

UPDATED: Read our community guidelines here

Discussion loading ...

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies