Ransomware attacks cost Canadian organizations a staggering $1.1 million

The average cost of this damaging form of cyberattack has soared 150% in 2 years

Ransomware attacks cost Canadian organizations a staggering $1.1 million

Canadian financial firms have long been potential targets for cyber criminals, but the cost of one particularly damaging type of cyberattack has risen exponentially in the last two years.

A new study from cybersecurity specialists Palo Alto Networks, conducted by the Angus Reid Group, found that the average cost of a ransomware attack for Canadian organizations is more than $1.1 million in 2023 compared to $458,247 in 2021 – a 150% increase.

The survey of IT decision makers at Canadian organizations with 100-1,000 employees shows that the share of firms impacted by ransomware attacks has actually declined to 35% in 2023 compared to 37% two years earlier. There has also been a decline in the share who paid the ransom (34% vs. 45%).

However, for those that did pay, 36% faced a cost above $1 million this year, up from 8% in 2021. The average amount demanded has more than doubled to more than $906K.

While the financial sector remains at risk, the manufacturing, construction, and health care sectors are the most targeted by ransomware attacks, the survey found.

"The threat landscape in Canada has evolved since the first Ransomware Barometer study as more and more businesses recognize the need to be proactive and have the right security strategy in place to prevent attacks, and to lessen the impact of an attack," said Daniel Roy, vice president and Canada country manager at Palo Alto Networks. "The study found that since 2021, companies are doing their share to improve their security posture by investing in cybersecurity as well as prioritizing employee training to better combat emerging threats."

Existing and emerging risks

The report also highlights emerging risks facing Canadian organizations with seven in ten respondents saying that AI has increased the threat level they face, although breaches, phishing and ransomware remain as top threats.

Emerging risks driven by AI technology include:

  • Automated phishing (21%)
  • Data privacy risks (21%)
  • Advanced cyberattacks (19%)

A positive takeaway from the report is that businesses are investing more in protecting themselves, although 70% of respondents think the federal government should do more to protect Canadian businesses from the risks.

"In the two years since the first study, Canadian organizations have largely taken a proactive approach to improving their security posture," said Demetre Eliopoulos, senior vice president of Public Affairs at Angus Reid. "However, organizations are also paying a significantly higher cost than two years ago. As a result, Canadians IT decision makers are expecting the Federal Government to step up in helping organizations better protect themselves against emerging threats."

The danger posed by AI has been raised in other recent reports including KPMG’s survey that showed that generative AI is a double-edge sword.