Ransomware attacks cost Canadian organizations a staggering $1.1 million

The average cost of this damaging form of cyberattack has soared 150% in 2 years

Ransomware attacks cost Canadian organizations a staggering $1.1 million

Canadian financial firms have long been potential targets for cyber criminals, but the cost of one particularly damaging type of cyberattack has risen exponentially in the last two years.

A new study from cybersecurity specialists Palo Alto Networks, conducted by the Angus Reid Group, found that the average cost of a ransomware attack for Canadian organizations is more than $1.1 million in 2023 compared to $458,247 in 2021 – a 150% increase.

The survey of IT decision makers at Canadian organizations with 100-1,000 employees shows that the share of firms impacted by ransomware attacks has actually declined to 35% in 2023 compared to 37% two years earlier. There has also been a decline in the share who paid the ransom (34% vs. 45%).

However, for those that did pay, 36% faced a cost above $1 million this year, up from 8% in 2021. The average amount demanded has more than doubled to more than $906K.

While the financial sector remains at risk, the manufacturing, construction, and health care sectors are the most targeted by ransomware attacks, the survey found.

"The threat landscape in Canada has evolved since the first Ransomware Barometer study as more and more businesses recognize the need to be proactive and have the right security strategy in place to prevent attacks, and to lessen the impact of an attack," said Daniel Roy, vice president and Canada country manager at Palo Alto Networks. "The study found that since 2021, companies are doing their share to improve their security posture by investing in cybersecurity as well as prioritizing employee training to better combat emerging threats."

Existing and emerging risks

The report also highlights emerging risks facing Canadian organizations with seven in ten respondents saying that AI has increased the threat level they face, although breaches, phishing and ransomware remain as top threats.

Emerging risks driven by AI technology include:

  • Automated phishing (21%)
  • Data privacy risks (21%)
  • Advanced cyberattacks (19%)

A positive takeaway from the report is that businesses are investing more in protecting themselves, although 70% of respondents think the federal government should do more to protect Canadian businesses from the risks.

"In the two years since the first study, Canadian organizations have largely taken a proactive approach to improving their security posture," said Demetre Eliopoulos, senior vice president of Public Affairs at Angus Reid. "However, organizations are also paying a significantly higher cost than two years ago. As a result, Canadians IT decision makers are expecting the Federal Government to step up in helping organizations better protect themselves against emerging threats."

The danger posed by AI has been raised in other recent reports including KPMG’s survey that showed that generative AI is a double-edge sword.

Recent articles & video

Hudbay Minerals settles lawsuits alleging human rights abuses in Guatemala

Roundup of law firm hires, promotions, departures: October 7, 2024 update

BLG, Book Erskine, Hammond Flesias act in $3.5-million commercial case

SCC to hear cases on investigative detention, inmate discipline hearings, fitness to stand trial

Airlines must reimburse passengers according to federal regulations, SCC rules

David Sowemimo: Top 25 influential lawyer advocating for justice

Most Read Articles

BC Supreme Court rejects employer's attempt to move employment dispute to arbitration

BC Supreme Court dismisses claim to waive solicitor-client privilege in family law dispute

Alberta Court of King's Bench orders sale of estate lands, ending 30-year dispute among heirs

BC privacy commissioner to decide whether to tell Airbnb hosts about requests for their data