The Cybersecurity Threat Landscape of Canada’s Top Sectors


Our recent security study, Innovation in Cybersecurity: Approach, Tools and Technologies, reveals that the financial services, government, retail, healthcare and education sectors have all experienced significant cybersecurity incidents over the last year. Now more than ever, malicious actors are looking to take advantage of the changing business landscape. With the average security breach costing between $7 million and $8.7 million, our findings show that threats are accelerating against all types of organizations.

Here’s an industry snapshot of the attacks, security gaps and cost-of-compromise facing Canada’s five major industry sectors today:

Financial services

Due to the nature of financial services’ extremely sensitive and valuable data, information security is paramount to these organizations. Our survey shows that at least one attack occurs against financial services every day, with an average of 708 attacks per organization each year. This sector runs the highest risk of intellectual property and customer data breaches from cybercriminals than any other sector. Despite being able to mitigate these attacks before they turn into incidents 86 percent of the time, in the event of a breach, the average costs incurred to recover from an attack ranges upward of $8.4 million. Though financial services organizations tend to place a greater emphasis on prevention than other sectors, one of the biggest issues is third-party partner risk, with 82 percent of respondents having experienced a security breach because of the poor security practices and hygiene of a third-party partner. A strong cybersecurity posture goes beyond governance, risk management and compliance (GRC) – it’s critical for financial services, like all sectors, to thoroughly assess third-party partnerships and processes in order to prevent future attacks.


Government bodies receive an average of 460 attacks each year per organization, mitigating 76 percent of those attacks before they turn into incidents. The cost of a breach is particularly high in this sector, as the average costs to respond to and recover from attacks range from $8.2 to $13.9 million, with only four percent of government respondents are highly confident in their organizations’ ability to prevent cybersecurity breaches. Additionally, despite GRC remaining a primary skillset challenge among existing employees, governments report a lower than survey average (46 percent compared to 49 percent, respectively) of difficulty hiring qualified candidates. This demonstrates that beyond hiring, ongoing training and education is key to ensure that employees understand how to identity evolving security gaps, implement preventative measures and mitigate attacks that do inevitably occur.


Amid the global pandemic, nearly all commerce has gone digital. Retail has been one of the hardest hit sectors by stay-at-home orders and lockdowns. This has been particularly challenging for small and medium businesses, with many organizations being forced to offer online solutions for the first time to maintain business continuity. Unfortunately, this has exposed critical security gaps, as retailers are attacked an average of 479 times each year, with one quarter (25 percent) of those attacks turning into full-blown incidents. When these attacks successfully become incidents, the average cost to respond to and fully recover from an attack ranges from $8 million to $12.7 million. This shows that the importance of cybersecurity is paramount, yet only 17 percent of retail respondents are highly confident in their organizations’ ability to prevent cybersecurity breaches. Among the many challenges facing the retail sector in today’s environment, it’s clear that cybersecurity is one of the most pressing and needs to be prioritized in order to avoid falling victim to malicious actors.


Healthcare organizations are among the most vulnerable to cybersecurity threats across all sectors due to the critical focus on protecting information and sensitive data from unauthorized access, use and disclosure. This results in an average of 683 attacks per healthcare organization every year, ranging from $6.9 million and $8.4 million in total cost. Despite these high numbers, healthcare organizations mitigate 88 percent of attacks before they turn into incidents, which his higher than any other sector. Though healthcare organizations have taken positive steps towards ensuring patient safety and stricter cybersecurity protocols through adoption of solutions like zero trust architecture, software as a service (SaaS) and artificial intelligence and machine learning (AI/ML) technologies, a concerning 80 percent of healthcare organizations have experienced a security breach because of the poor security practices of a third-party partner. This demonstrates that while it’s imperative for healthcare organizations to ensure the movement of information to cloud systems and other IT solutions are implemented securely, it’s equally as important to ensure this is done with the right partners to ensure both patient and organizational data is kept safe from potential exposures.


Surprisingly, despite the rapid increase in online learning over the last year, education organizations are attacked significantly less than other sectors, with an average of 243 attacks occurring per organization each year. Still, the cost of a breach remains at a record high for this sector, ranging from $5.9 to $11.3 million to respond to and fully recover from attacks. This sector faces major annual challenges, such as lack of resources and funding, and is now facing additional virtual learning challenges that drastically increase security risk. As remote education and online learning continue across the country, only six percent of respondents are highly confident in their organizations’ ability to prevent cybersecurity breaches. Additionally, more than half (58 percent) do not feel that executive leadership is prioritizing security best practices. This is extremely concerning and demonstrates that while education has been a leader in digital transformation and solutions adoption during the pandemic, there is still work to be done for cybersecurity to be prioritized in order to ensure long-term sustainability in a digital world.

As organizations across all sectors continue to face increasing cybersecurity threats, it has never been more important to implement both preventative and reactive solutions to ensure business continuity. At CDW Canada, we offer a robust security practice that combines the industry’s highest-quality services, solutions and best practices to protect customers’ assets from every angle in every sector. To learn more about how we can help you achieve your IT security objectives, visit or download the 2021 CDW Security Study at