TORONTO, ON (August 8, 2025) — Cyberattacks are hitting Canadian companies harder than ever, with data breaches now costing an average of $6.98 million per incident, according to the newly released IBM Cost of a Data Breach Report. That figure marks a 10.4% increase over last year’s average of $6.32 million per breach — a clear sign that the financial toll of cybersecurity failures is rising fast and spilling over into everyday life for Canadians.
The report paints a stark picture of escalating security incidents and their ripple effects beyond corporate walls. From compromised banking data to disrupted services and higher consumer prices, data breaches are having a real-world impact on consumers across the country, including in Ontario.
Financial Sector Hit Hardest, Shadow AI Adds Risk
According to IBM, the financial industry suffered the highest breach costs in 2025, with each incident costing companies approximately $9.97 million, up from $9.28 million the year prior. The industrial sector followed close behind, losing $8.39 million per breach, while the pharmaceutical industry reported an average loss of $7.99 million.
“These organizations are particularly vulnerable because they can’t afford downtime,” the report notes, making them prime targets for increasingly sophisticated cybercriminals.
In addition to traditional phishing scams — including spear phishing, smishing (SMS), and whaling attacks targeting executives — the report highlights a growing concern: “shadow AI.” This refers to employees using unsanctioned AI tools to perform work tasks, inadvertently creating security gaps and compliance issues that leave companies exposed.
“Shadow AI dramatically increases an organization’s attack surface,” the report warns. “While employees may mean well, using unapproved tools can lead to breaches that compromise sensitive data and escalate financial losses.”
The Consumer Cost: From Stolen Data to Higher Prices
While the headline figures may shock boardrooms, the true cost of data breaches is also being felt by everyday Canadians.
“Data breaches don’t just hit businesses where it hurts; they ripple out to impact everyday Canadians,” said Daina Proctor, IBM Canada’s Security Delivery Leader, in a statement to Metroland Media.
According to the report, companies often pass on breach-related costs to consumers through higher prices for goods and services. Meanwhile, the loss of personally identifiable information (PII) — such as banking details, health records, or Social Insurance Numbers — can lead to identity theft, financial fraud, and major privacy violations.
Cyber incidents can also trigger widespread service disruptions. Missed medical appointments, cancelled shipments, and delayed access to vital services like healthcare are among the cascading consequences.
What to Do if Your Data Is Compromised
In the wake of a breach, experts urge immediate action to protect your personal information:
- If your banking information is leaked, notify your bank to freeze your account or issue a new card. Monitor statements for suspicious activity.
- If your login credentials are exposed, change your passwords immediately and enable multi-factor authentication (MFA).
- If your SIN or other identity information is compromised, contact credit bureaus to set a security freeze or fraud alert, and notify the Canadian Anti-Fraud Centre and local police.
- If health data is breached, contact your healthcare providers and insurance company to assess what information was affected.
Lastly, stay alert for follow-up scams. Hackers often return weeks or months after a breach, hoping to catch victims off guard.
The Bigger Picture
As Canadian businesses face mounting cybersecurity threats, experts say the stakes have never been higher.
“This isn’t just a corporate IT issue — it’s a national economic and consumer protection issue,” said cybersecurity and AI expert Abbas Yazdinejad, who has advised several major firms on post-breach mitigation. “Until organizations take a proactive stance on AI governance and breach preparedness, both businesses and the public will continue to pay the price.”
With high-profile breaches — such as the one currently under investigation at WestJet — making headlines, the IBM report serves as a wake-up call for companies and consumers alike: Cybersecurity is no longer optional. It’s essential.