From large-scale ransomware attacks targeting government agencies to phishing scams siphoning millions from unsuspecting Canadians, cybersecurity has become one of the most pressing concerns for the country in 2025. As cyber threats evolve in complexity, experts warn that Canada must act swiftly to protect its critical infrastructure, businesses, and citizens from malicious actors.
The CRA has been a frequent target of phishing scams, where fraudsters impersonate the agency to deceive Canadians into providing personal information. These scams often involve fake emails or text messages claiming to offer refunds or demanding payments. For instance, in February 2024, the Canadian Anti-Fraud Centre reported a surge in such phishing attempts, cautioning citizens to remain vigilant.
On October 23, 2023, a ransomware attack targeted five hospitals in southwestern Ontario, compromising the private records of hundreds of thousands of employees and patients. The affected hospitals included Windsor Regional Hospital, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare, Bluewater Health, and Chatham-Kent Health Alliance. This cyberattack disrupted services, leading to postponed surgeries and appointments, and necessitated the transfer of radiation treatments for cancer patients to other facilities.
According to CBC, these cyberattacks cost organizations at least $7.5M.
Against this backdrop, Canada has ramped up efforts to fortify its cybersecurity landscape, with federal and provincial governments rolling out strategic investments and policies to enhance digital resilience.
Federal Government Takes Action
On February 6, 2025, the Government of Canada introduced a new National Cyber Security Strategy (NCSS), emphasizing a comprehensive, whole-of-society approach. This strategy prioritizes collaboration across government, law enforcement, industry, Indigenous communities, academia, and international allies to strengthen Canada’s cyber defenses.
The above cited press release also highlights that an initial investment of $37.8 million over six years has been allocated to bolster cybersecurity initiatives, focusing on securing critical infrastructure, improving threat intelligence sharing, and enhancing cyber incident response capabilities.
Additionally, in May 2024, the Treasury Board of Canada Secretariat unveiled the government’s first Enterprise Cyber Security Strategy, backed by an $11.1 million investment over five years. This strategy aims to ensure a proactive, whole-of-government approach to cyber risk management and the protection of sensitive information.
Provincial Governments and Local Bodies Step Up
As cybersecurity concerns grow, provincial governments are also taking proactive steps to protect their citizens and public services.
British Columbia (B.C.) has emerged as a leader in digital security, signing an agreement with the Canadian Centre for Cyber Security to improve collaboration and cyber defense capabilities. Additionally, B.C. has launched the BC Wallet app, a digital credential and trust initiative designed to enhance online security for residents and businesses.
In December 2024, Nova Scotia Power submitted a request to the Nova Scotia Utility and Review Board for approval of a $6.8 million investment in cybersecurity upgrades. This initiative underscores the company’s commitment to safeguarding its infrastructure against escalating cyber threats.
This development aligns with broader efforts across Canadian provinces to enhance cybersecurity measures, reflecting a nationwide emphasis on protecting critical infrastructure from potential cyberattacks.
The State of Cybersecurity in Canada: 2025
While Canada has made significant strides in strengthening its cyber resilience, challenges remain. Experts point to several gaps in the country’s cybersecurity framework that could leave key sectors vulnerable.
One major concern is the lack of skilled cybersecurity professionals. Canada faces a shortage of trained personnel, making it difficult for both the public and private sectors to keep up with emerging threats. A recent report from the Canadian Internet Registration Authority (CIRA) highlighted that businesses and government agencies struggle to fill cybersecurity roles, leading to gaps in defense mechanisms.
Another pressing issue is outdated infrastructure. Many government agencies and critical service providers still rely on legacy IT systems that are susceptible to modern cyber threats. Experts stress the need for increased investment in modernization efforts to prevent future breaches.
Additionally, concerns have been raised about the slow pace of regulatory updates. Cybercriminals continuously adapt their tactics, yet some of Canada’s cyber laws and frameworks have not been updated to address emerging threats such as AI-powered cyberattacks and cryptocurrency fraud.
Looking Ahead
While recent investments at the federal and provincial levels indicate a growing commitment to cybersecurity, more needs to be done to bridge existing gaps. Experts urge the government to accelerate efforts in workforce development, infrastructure modernization, and regulatory reform to ensure that Canada remains resilient in the face of escalating cyber risks.
With cyberattacks growing in sophistication, the question remains: Can Canada keep up with the fast-changing digital battleground? The answer will depend on how swiftly and effectively the country implements its cybersecurity strategies in the years to come.
