EY Canada releases cybersecurity threat outlook for this year

Significant risks in 2024 included phishing, ransomware, data breaches, supply chain attacks
EY Canada releases cybersecurity threat outlook for this year

EY Canada has shared its 2025 cybersecurity threat outlook report, which discusses how C-suite and operational leaders can comprehend the relevant risks, fortify their organization’s defences, and improve data security efforts amid the rapidly evolving, volatile, and uncertain environment. 

Artificial intelligence (AI), Internet of Things (IoT), and 5G have driven progress and innovation among Canadian businesses and have altered the landscape of threats and risks that they face, while geopolitical tensions, social shifts, financial pressures, and worldwide upheaval have further complicated this landscape, according to a news release from EY Canada. 

Last year, Canadian organizations encountered cyber risks, high-profile vulnerabilities, and cloud environment threats. EY explained that the most significant threats included: 

  • phishing attempts such as business email compromise (BEC) 
  • ransomware through affiliate programs and ransomware-as-a-service (RaaS) schemes 
  • state-sponsored threat actors, led by China and Russia 
  • supply chain attacks aiming to take advantage of vulnerabilities among third-party vendors, suppliers, or service providers 
  • data breaches arising from third-party vendor compromise and seeking to exploit weak security and access sensitive data or networks 
  • IoT environment threats targeting organizations that depend on digital infrastructure 
  • DDoS attacks intending to deplete resources such as bandwidth or memory 
  • deepfake-driven attacks, which are meant to bypass traditional controls and utilize psychological manipulation 

EY noted that cybercrime is increasing exponentially every year. Its report delves into the particular cyber threats that business leaders should monitor in 2025. 

What leaders can do

EY’s report recommends ways for Canadian businesses and their leaders in the cybersecurity area to improve their resilience amid the persistent digital threats in this unpredictable environment. According to EY: 

  • Cybersecurity operations teams should address daily threats through innovation and AI and should maintain a balance between security and efficiency 
  • Chief executive officers (CEOs) should focus on security and promote cybersecurity resilience while continuing to advance their organizations’ goals 
  • Chief information security officers (CISOs) should adopt proactive management, foresight, and coordination measures to transform executive vision into defences against cyber threats 

In its news release, EY shared that 66 percent of surveyed CISOs expressed concerns that current cybersecurity threats were more advanced than their organizations’ defences, which made them more likely than the rest of the C-suite to harbour such worries.