Global data breach expenses decreasing, except in Canada, according to IBM research
In the digital age, the threat of data breaches looms large. Canada, like many other countries, has seen a significant increase in the average cost of data breaches. This article explores the key factors driving this trend.
The rise in detection and escalation costs, including forensic investigations, regulatory responses, legal counsel, and crisis communications, now averages $470,000 in detection and $270,000 in post-breach recovery per incident. These costs, as highlighted by various studies, are a major contributor to the escalating breach costs in Canada.
Another factor is the slower adoption of AI-driven security defenses and governance gaps. These impede efficient breach detection and mitigation, leading to higher overall costs. The impact of Shadow AI—unsanctioned AI tools introduced by employees—further adds to the burden, approximating CA$308,000 per breach and increasing the likelihood of sensitive data exposure and compliance risks.
The complexity and risks associated with security systems, supply chain vulnerabilities, and Shadow IT practices further exacerbate the situation. These issues, particularly prevalent in sectors like healthcare, serve to increase the costs of breaches.
Collectively, these factors have contributed to a 10.4% increase in the average Canadian breach cost to CA$6.98 million in 2025, contrasting with a global trend of decreasing breach costs due to shorter breach life cycles.
Interestingly, several countries, including Canada, have bucked this trend, with the average cost of a data breach in the United States reaching a record $10.22 million, an increase of 9% from the previous year. Incidents involving shadow AI resulted in more personal identifiable information and intellectual property being compromised.
Breaches can be difficult to detect and assessing and recovering from them can be tedious, time-consuming work requiring many professionals. This is evident in recent cybersecurity issues reported at Nova Scotia Power, the College of New Caledonia in Prince George, B.C., and PowerSchool.
To address the risks associated with shadow AI, companies need to provide workers with more approved AI tools and conduct regular audits to find gaps in their offerings and employee compliance. Global organizations with high levels of shadow AI had an average breach price tag increased by $967,011 compared to those with low levels or none.
In conclusion, the rising costs of data breaches in Canada are a complex issue driven by a combination of factors. Understanding these factors is crucial in developing effective strategies to mitigate the risks and costs associated with data breaches.
- Education and cybersecurity training for employees can help identify and address the risks associated with Shadow AI, potentially reducing the average cost of a data breach.
- In response to the increase in data breach costs, Toronto, a major city in Canada, has proposed new regulations to strengthen data-and-cloud-computing security standards.
- The healthcare sector in Toronto, facing an increased threat of data breaches, is seeking investments in technology to improve its data security measures, particularly with regards to health records.
- As Canada grapples with the rising costs of data breaches, the government is significantly investing in technology to improve cybersecurity, focusing on areas such as artificial intelligence and machine learning.
