Skip to main content
  • Cybersecurity

New poll suggests majority of Canadian organizations struck with ransomware pay demands

By Delphine Avomo Evouna
Communications Specialist

OTTAWA, ON – October 4, 2021 – At a time when more people are working from home than ever before, organizations have introduced new security measures to meet increased pressure from hackers. The latest edition of CIRA’s annual Cybersecurity Survey shows that over one-third (36 per cent) of Canadian cybersecurity professionals feel the volume of cyber attacks has increased during the pandemic. Nearly all (95 per cent) of the 510 security professionals surveyed say that at least some of their new protections will remain permanent.

“It feels like the pandemic forced ten years of cybersecurity adoption to happen in about ten weeks,” said Mark Gaudet, CIRA general manager for cybersecurity and DNS services. “The pivot to work-from-home and employees using their own devices really increased the number of security threats facing organizations, and the bad guys did everything they could to take advantage of the situation. But our survey shows that Canada’s security pros didn’t take it lying down. They got to work and implemented new policies, technologies, and security training boot camps for staff—protections they plan to keep in place long after the pandemic.”

The full findings are featured in this year’s CIRA Cybersecurity Survey, which comes on the heels of high-profile ransomware attacks affecting hospitals, police services*, and major energy pipelines, amongst others. The data shows that, over the past year, roughly one in five (17 per cent) Canadian organizations experienced this type of attack. Of those, more than two-thirds (69 per cent) say they paid the ransom, suggesting that a majority simply fork over the cryptocurrency to avoid the downtime, reputational damage, and costs that result from not paying.

The survey’s release comes one day ahead of CIRA’s participation in MapleSEC—Canada’s newest, most hands-on cybersecurity conference—which takes place October 5-7 via webcast. Businesses, not-for-profits, governments, and security professionals from across the country will come together to discuss the challenges facing the sector as well as what steps are required to keep our networks secure.

Key Findings

  • Nearly all (95 per cent) indicate that at least some of their new COVID-19-related cybersecurity protections will be permanent.
  • Survey data suggests a substantial majority of Canadian organizations pay ransomware demands. Of the almost one in five (17 per cent) that experienced an attack in the past 12 months, most (69 per cent) say they paid.
  • Nearly two-thirds (64 per cent) support legislation that would prohibit paying ransom demands.
  • Over one-third (36 per cent) indicate that the number of cyber attacks has increased during the pandemic, up from 29 per cent saying so this time last year.
  • Six in 10 (59 per cent) organizations have cybersecurity insurance coverage as part of their business insurance. Three in 10 (29 per cent) have a cybersecurity-specific policy.
  • Most organizations with cybersecurity coverage say their provider has increased premiums or requested new forms of proof of the corporate cybersecurity measures in place.

Additional Resources

About CIRA

CIRA (The Canadian Internet Registration Authority) manages the .CA top-level domain on behalf of all Canadians. CIRA also develops technologies and services—such as CIRA DNS Firewall and CIRA Canadian Shield—that help support its goal of building a trusted internet for Canadians. The CIRA team operates one of the fastest-growing country code top-level domains (ccTLD), a high-performance global DNS network, and one of the world’s most advanced back-end registry solutions.


*Correction (10/6/21): The initial version of this press release misidentified the Sault Ste. Marie Police as an “RCMP detachment.” The version below has been amended.