Cybersecurity threats continue to grow and evolve, increasing pressure on organizations to maintain operational resilience and protect their key assets, such as critical infrastructure and sensitive data. As cyberattacks become more sophisticated and frequent, businesses must stay well-positioned to address immediate threats and anticipate future risks.
Below are some key issues to consider to help you navigate this ever-changing environment.
- Cybersecurity Stats. Ransomware remains the top cyber threat, accounting for 60% of attacks. From the data we studied, ransom demands averaged C$925,000, but they can reach much higher amounts, such as US$50-million for larger enterprises. The percentage of organizations paying ransoms has decreased to 47% from 50–60% in past years. Smaller businesses are increasingly being targeted due to resource limitations, while larger enterprises have become less alluring as a result of having stronger fortifications in place.
- Artificial Intelligence Threats. Artificial intelligence (AI) is increasingly introducing sophisticated threats such as “deepfakes.” These AI-driven attacks can mimic trusted individuals by using information fed into AI tools to enable phishing emails, fraudulent phone calls and even video interactions. This growing trend requires enhanced security measures to counter the rising use of AI in cyberattacks.
- Preparedness. Effective preparedness continues to be critical in minimizing risks and enhancing resilience. Being cyber-ready includes updating cybersecurity policies, training employees, conducting tabletop exercises and prearranging vendor agreements with breach coaches and forensic experts. Regularly reviewing incident response plans ensures teams are ready to act decisively and manage incidents effectively.
- Legal Privilege. Legal privilege remains a critical part of effectively responding to a cybersecurity incident. Establishing privilege at the outset of any cybersecurity issue is essential, including involving legal counsel and correctly creating an investigation plan to strengthen an organization’s ability to claim legal privilege.
- Regulatory Impact. In Ontario, the Personal Health Information Protection Act imposes fines of up to C$500,000 for mishandling health data. Amendments to Quebec’s Private Sector Privacy Act require data retention justification and anonymization and allow individuals to request personal data in digital formats. These amendments are in keeping with global trends requiring disclosure of cybersecurity incidents with the potential for significant penalties for non-compliance.
Have more than five minutes? Contact any member of our Cybersecurity group or watch our recent webinar on this topic.
More insights
Blakes and Blakes Business Class communications are intended for informational purposes only and do not constitute legal advice or an opinion on any issue. We would be pleased to provide additional details or advice about specific situations if desired.
For permission to republish this content, please contact the Blakes Client Relations & Marketing Department at [email protected].
© 2024 Blake, Cassels & Graydon LLP
