A new IBM report is raising concerns about the growing scale and cost of cyber threats in Canada. According to the Cost of a Data Breach Report 2025, the average cost of a data breach in the country reached CA$6.98 million, a 10.4% increase compared to 2024, when losses averaged CA$6.32 million. The rising financial impact is felt not only by organizations but also by Canadian consumers.
The study identifies the growing use of unsanctioned artificial intelligence within companies, known as “shadow AI”, as a major contributor to higher breach costs. These tools, often adopted by employees without formal approval, create security gaps and compliance challenges. In Canada, breaches involving shadow AI added an average of CA$308,000 to the total cost of each incident.
Vulnerabilities
Cybercriminals are increasingly exploiting these vulnerabilities to gain access to sensitive data. The report also notes that one in three Canadian organizations lacks proper access controls for AI systems, making them attractive, high-value targets for attackers.
At the same time, the findings show that artificial intelligence and automation can significantly reduce the financial impact of breaches when deployed strategically. Organizations that made extensive use of security AI and automation reported average breach costs of CA$5.19 million, compared to CA$8.53 million for those that did not. These technologies also improved response times, shortening the breach lifecycle by an average of 59 days.
Phishing
Phishing remains the most common initial attack vector in Canada. In 2025, phishing-related breaches cost organizations an average of CA$7.91 million, a 24% increase from the previous year. The financial, pharmaceutical and industrial sectors were among the hardest hit, reflecting the high value of their data and the operational consequences of downtime.
For Canadians, the consequences extend beyond corporate losses. Data breaches can lead to higher prices for goods and services, exposure of personal information such as banking or health records, and disruptions to essential services, including delays and cancellations.
The report recommends that Canadian organizations strengthen AI governance, invest in security automation and expand employee training programs. Integrating AI security with governance tools is highlighted as a crucial step in identifying and controlling shadow AI, thereby reducing exposure and limiting the growing impact of data breaches nationwide.
Image by DC Studio on Freepik
