In terms of geography for attacks on critical sectors, the United States bore the brunt of attacks (61%), followed by the United Kingdom (6%) and Canada (5%).

Canadian middle market firms are less likely to have cyber insurance coverage than U.S. companies (68% versus 82%).

On average, Canadian respondents at middle market organisations have larger cybersecurity teams, with 39% saying they have 16 or more employees, compared to 11% in the U.S..

A smaller share of Canadian middle market firms indicate they don't have AI governance in place compared to U.S. respondents (5% versus 20%).

37% of Canadian organisations are planning to adopt MDR services in the near future.

In the past 12 months, 87% of Canadian organisations have reported experiencing a security incident.

28% of GenAI PoCs successfully transitioned to full production in Canadian businesses.

41% of Canadian organisations have already adopted MDR services.

44% of Canadian organisations cite system integration complexities as a common barrier to GenAI adoption .

Between 2023 and 2024, Canadian businesses conducted an average of 17 GenAI proof-of-concepts (PoCs).

Canadian organisations experience an average downtime of 14 days due to increasingly effective cyberattacks.

64% of Canadian organisations cite data privacy concerns as a common barrier to GenAI adoption.

61% of Canadian organisations report that their public cloud environments have been the most impacted by cyberattacks.

There has been a 10% year-over-year increase in the length of downtime per security incident on Canadian organizations.

57% of Canadian organisations cite skills shortages as a common barrier to GenAI adoption .

Canadian organisations conducting annual security testing indicated an average of 23 incidents and 33 breaches in their cloud environments compared to 25 incidents and 29 breaches respectively for those without regular testing .