The IBM report comes at a time when Canadians are routinely informed of cyberattacks and other breaches that put their data at risk of falling into unauthorized hands. Last year alone, Ticketmaster, AT&T, Giant Tiger, London Drugs, and others were victims of such attacks.

IBM sought to determine not only the extent of the attacks but also their cost – a figure that can include what organizations pay for detection, legal services, crisis management, regulatory fines, consumer compensation, and lost business.

The report was based on an analysis of data breaches experienced by 604 organizations worldwide from March 2023 to February 2024.

Among the 16 countries it examined, Canada had the sixth highest cost of data breaches, following countries including the United States, Germany, and Italy.

Proctor stated, "No one necessarily wants to harm Canadians, but they want to achieve financial gains, and sometimes we are like that weak animal in the wild."

When IBM aggregated data from all the countries it researched, it found that the most common forms of attack included phishing or credential theft or breaches. Phishing attacks involve scammers impersonating trusted figures or login forms to compel victims to enter or disclose sensitive information like passwords or credit card numbers.

Stolen or breached credentials accounted for 16% of the attacks studied, taking an average of longer to identify and contain, with nearly 10 months required.

Phishing came in second, comprising 15% of the attacks, but ultimately its costs were higher.

When IBM conducted an industry-wide study, it found that healthcare, financial services, industrial, technology, and energy sectors faced the highest breach costs, with healthcare entities averaging $9.77 million.

In Canada, financial services and technology companies saw the most expensive breaches, with average costs of $9.28 million and $7.84 million, respectively.

When it comes to managing breaches, organizations are typically required to engage law enforcement, notify customers, and avoid paying ransoms, which may encourage bad actors to carry out more attacks.

Proctor noted that some of these steps likely helped reduce the costs associated with breaches.

However, she admitted that the amounts organizations face during breaches are still exceedingly high and often passed on to consumers.

63% of organizations reported to IBM that they would increase the cost of goods or services due to the breaches they experienced – an increase from 57% the previous year.

Proctor believes that discussing how “the costs flow to us” frequently and publicly could be a good step in addressing “data breach fatigue,” when people become indifferent to the impacts of attacks because there are so many of them and feel their data is already out there.

She stated that artificial intelligence could also be a useful tool, as IBM's research showed that organizations using the technology had breaches that were shorter by 54 days and cost $2.84 million less on average.