Skip Navigation

Preaching to Evade Breaching: The Latest Trends in Canadian Cybersecurity

February 27, 2024

It has been said many times before but it cannot be said enough: the most effective way to avoid cybersecurity threats is to remain vigilant and prepared. Cyber-attacks are constantly evolving, and organizations must adapt to mitigate the risk of a breach and the damages that come with it.

To help you stay informed, we share key points on the most significant developments in cybersecurity regulations, case law and best practices on how to manage cyber threats.

  1. Cyber-Attacks More Widespread. After a brief decline in cyber-attacks attributed to the 2022 onset of the Ukraine-Russia war, cyber-attacks have ramped up again. In particular, small and mid-size firms are being increasingly targeted. As such, these organizations are being forced to confront the risks of cyber-attacks and deploy greater resources to prevent them. 
  2. Industry-Specific Guidelines. Acknowledging that cybersecurity risk management solutions are not one-size-fits-all, Canadian regulators have put forward tailored best practices and established guidelines. Notably, the Office of the Superintendent of Financial Institutions released its Guideline B-13 last year and the Canadian Association of Pension Supervisory Authorities’ guideline remains in draft form.
  3. Trends in Litigation. Class actions against breached companies persist. In B.C., the Court of Appeal's decision in Ari v. Insurance Corporation of British Columbia emphasized the risks of internal breaches, holding the company vicariously liable for an employee's intentional sale of private customer information. 
  4. New Legislation. Two federal legislative advancements are currently under committee consideration. Bill C-27, the Digital Charter Implementation Act, amends the obligations of private-sector organizations regarding personal information and introduces significant new administrative monetary penalties and fines. The bill also introduces obligations for organizations that develop or use artificial intelligence. Bill C-26, the Critical Cyber Systems Protection Act, aims to secure critical cyber systems in federally regulated sectors. Provincially, B.C., Quebec and Alberta are implementing new legislation or reviewing existing privacy laws.
  5. Ransom Demands. An emerging and more destructive ransom trend is gaining momentum. It involves threat actors destroying backups, rendering them useless following the encryption of an organization’s systems and, thereby, increasing the possibility of a ransom payment. This tactic poses a significant challenge, particularly to small and mid-size organizations that have bigger cybersecurity gaps.

Have more than five minutes? Contact Cathy Beagan Flood, Sunny Handa, Alexandra Luchenko, Birch Miller or any member of our Cybersecurity group. You may also view our recent webinar on this topic and download the 2023 edition of our Canadian Cybersecurity Trends Study. Lastly, here are links to the Ari case and Bill C-27 and Bill C-26 noted above.