According to the 2026 X-Force Threat Intelligence Index, North America has become the most targeted region in the world, representing nearly one-third of all cyber incidents investigated by IBM’s security teams last year. Analysts say the trend has direct consequences for Canada, where businesses share cloud infrastructure, supply chains, and digital ecosystems closely linked to those in the United States.
The report identifies a 44 percent increase in attacks exploiting public-facing applications, often driven by weak authentication systems and AI tools that help attackers identify vulnerabilities faster. In 2025, exploiting software vulnerabilities became the leading entry point for cyberattacks globally.
More attention to cybersecurity is needed
Security experts note that many Canadian organizations continue to struggle with outdated systems, delayed software updates, and rapidly expanding software-as-a-service environments, all of which create opportunities for cybercriminals.
Stolen credentials remain a central objective for attackers. In North America, the most common impact of cyber incidents is credential harvesting, which allows hackers to gain access to corporate systems using compromised user accounts.
Cybercriminals are also beginning to target artificial intelligence platforms directly. In one example cited by the report, infostealer malware exposed more than 300,000 credentials linked to the AI platform ChatGPT worldwide in 2025, highlighting the risks of adopting AI tools without adequate security protections.
“Canadian organizations are facing a perfect storm of legacy systems, rapid AI adoption, and increasingly automated cyber threats,” said Chris Sicard, security leader at IBM Canada. He warned that the speed at which attackers can now discover and exploit vulnerabilities is making traditional reactive security strategies increasingly ineffective.
Global Trends
The report also highlights several global trends that directly affect Canada’s digital economy. The manufacturing sector remained the most frequently targeted industry worldwide in 2025, accounting for 27.7 percent of attacks, a significant concern for Canada’s advanced manufacturing sector.
Meanwhile, the finance and insurance industries accounted for 27 percent of global attacks, reflecting the high concentration of sensitive financial data in these sectors. Government and public-sector organizations also faced increasing attacks, particularly through phishing campaigns and the misuse of valid login credentials.
IBM researchers say artificial intelligence is now helping attackers automate phishing campaigns, accelerate decision-making, and manipulate digital identities, allowing less-experienced cybercriminals to conduct complex operations previously limited to highly skilled threat actors.
To counter these risks, IBM recommends that Canadian organizations strengthen identity security systems, secure AI platforms as core infrastructure, continuously monitor vulnerabilities across networks and cloud services, and improve patching practices to reduce exploitable weaknesses.
Imagem: Freepik
