Just the Facts
Cybercrime in Canada
Note to readers
Do you have questions about this data release? You are invited to join our AMA (Ask Me Anything) event on Reddit on Tuesday, December 3, 2019 at 1:30 p.m. (ET), to discuss the adoption and use of digital technologies by Canadians and how the proliferation of digital technologies introduces new risks to Canadians who must take steps to protect their online privacy, security, and maintain their wellbeing.*Please note that a Reddit account is required to participate in the discussion.
As the holiday season approaches, many Canadian individuals and businesses will rely on the Internet to help with their holiday shopping. Just how secure are these types of transactions? By using various administrative and survey data sources, Statistics Canada is able to produce statistics on cybercrime and cyber security practices from individual, business and police reported perspectives.
Canadian Internet Use Survey, 2018
- In 2018, Canadians who used the Internet protected themselves while online by: deleting their browser history (61%), blocking emails, including junk mail and spam (60%) and blocking other types of messages (34%). Internet users also took steps to protect their privacy and personal information online by changing the privacy settings on accounts or apps to; limit their profile or personal information (42%) and enable or disable their location (45%).
- In 2018, a majority of Canadian Internet users took some actions to protect their laptop or computer (80%), or mobile device (74%) from cyber security incidents. About half enabled automatic updates on the device’s operating system, while about one in three manually updated their operating system on a regular basis. Although almost half of Internet users used additional cyber security measures beyond the default software to protect their laptop (46%), only about 16% did so with their mobile devices.
- Almost six out of ten (57%) Canadian Internet users reported experiencing a cyber security incident in 2018.
- After a cyber security incident occurred, 71% of Canadians took action by changing passwords more frequently (35%), reporting the incident to the company through which the incident occurred (25%) and/or installing, upgrading or subscribing to a protection software (21%).
Data table for Chart 1
| Percent | |
|---|---|
| Experienced one or more incidents | 57.3 |
| Received fraudulent emails or other messages | 48.0 |
| Getting redirected to fraudulent websites asking for personal information | 18.7 |
| A virus or other computer infection | 11.4 |
| Fraudulent payment card use | 6.2 |
| Hacked accounts or fraudulent messages sent from their accounts | 5.7 |
| Asked to pay a cyber-ransom | 4.5 |
| Identity theft | 2.0 |
| Other abuse of personal information | 2.0 |
| Loyalty program points fraud | 1.3 |
| Other incidents | 1.1 |
Data table for Chart 2
| Actions following a cyber security incidents | Percent |
|---|---|
| One or more actions | 70.8 |
| Changed passwords more frequently | 34.8 |
| Reported the incident to the company through which the incident occurred |
25.2 |
| Installed, upgraded or subscribed to a protection software | 20.7 |
| Deleted accounts associated with the security incidents | 17.5 |
| Started carefully reading terms and conditions related to subscriptions and applications | 15.2 |
| Changed credit or debit card number associated with the incidents | 13.8 |
| Other actions | 7.5 |
| Reported the incident to their Internet service provider | 6.1 |
| Reported the incident to a governmental authority | 4.6 |
| Changed their Internet service provider | 1.9 |
Uniform Crime Reporting Survey, 2018
- In 2018, Canadian police servicesNote reported almost 33,000 cyber-related violations. Half of these were incidents of fraud followed by incidents of child pornography (11%), indecent and harassing communications (8%) and uttering threats (7%).
- Compared to the previous year, police-reported cybercrimes in Canada increased 12% in 2018.Note
Canadian Survey of Cyber Security and Cybercrime, 2017
- In 2017, Canadian businesses spent a total of $14 billion on prevention, detection and recovery from cyber security incidents.
- The vast majority (94%) of businesses in Canada had some level of expenditure to prevent or detect cyber security incidents in 2017. On average, Canadian businesses spent $78,000 on implementing such measures.
- 21% of businesses were impacted by cyber security incidents in 2017.
- More than half (54%) of impacted businesses in Canada reported that cyber security incidents prevented employees from carrying out day-to-day work, while close to one-third (30%) experienced additional repair or recovery costs.
- Sectors in Canada which reported the highest level of incidents included banking institutions (excluding investment banking) (47%), universities (46%) and pipeline transportation (45%). Businesses in these sectors were mostly impacted by incidents to steal money or demand ransom payments in 2017.
- Only 10% of those businesses impacted by cyber security incidents in 2017 reported them to a police service.
Data table for Chart 3
| Cyber security incidents | Percent of businesses |
|---|---|
| Incident(s) with an unknown motive | 8.1 |
| Incident(s) to steal money or demand ransom payment | 8.0 |
| Incident(s) to access unauthorised or privileged areas | 5.3 |
| Incident(s) to steal personal or financial information | 4.8 |
| Incident(s) to disrupt or deface the business or web presence | 4.6 |
| Incident(s) to monitor and track business activity | 2.0 |
| Incident(s) to steal or manipulate intellectual property or business data | 1.9 |
| Source: Statistics Canada, Canadian Survey of Cyber Security and Cybercrime. | |
Information on data sources
The 2018 Canadian Internet Use Survey, sponsored by Innovation, Science and Economic Development Canada, was conducted from November 2018 to March 2019. The survey collected information on the adoption and use of digital technologies by Canadians, including use of the Internet, household Internet access, demand for online activities and interactions online. More information is available here: Canadian Internet Use Survey (CIUS).
The Uniform Crime Reporting Survey measures police-reported crimes against federal statutes in Canadian society and their characteristics. This includes whether the incident was a cybercrime, meaning crimes where Information and Communication Technology (ICT) was the target of the offence, or whereby ICT is integral and vital in the commission of the offence. The respondents for this survey are police services in Canada. More information is available here: Uniform Crime Reporting Survey (UCR).
The Canadian Survey of Cyber Security and Cybercrime examines the impact of cyber security and cybercrime on Canadian businesses. This survey was developed in conjunction with Public Safety Canada. The respondents for this survey are enterprises with 10 or more employees operating in most industrial sectors in Canada. More information is available here: Canadian Survey of Cyber Security and Cybercrime (CSoCC).
- Date modified: