2018 Canadian Cybersecurity Survey - Spring edition


While there is a wealth of published survey data available that provides insight into various aspects of cybersecurity, most of it has been collected in countries outside of Canada or aggregates Canadian data as part of the North American geographic market. As a result, there is limited data available in the public domain that specifically captures the Canadian perspective in this dynamic and rapidly evolving area. 

To close this information gap, we launched the first CIRA Canadian Internet Security Survey in late 2017, and are pleased to publish the results in this report. We invited owners of .CA domains to take part in the survey and give us their perspectives on a wide range of topics related to cybersecurity. 

Key Findings

Awareness of cyber threats is high among all respondents – Awareness of the scope and type of cyber threats is high across all respondents. For example, 77 per cent of personal domain owners and 68 per cent of small business respondents report being either aware or very aware of the scope of the cyber threats they face today. 

All respondents express concerns about cyberattacks – Sixty-eight per cent of personal domain owners and 77 per cent of small business domain owners report being either concerned or very concerned about being the victim of an attack.

Cyberattacks are having an impact across the board – All groups surveyed are feeling the effects of various kinds of cyberattacks. Forty-one per cent of those with personal websites indicated that they knew someone who has experienced a virus or ransomware attack; 10 per cent of small business report having their website brought down by an attack within the past 24 months; and 22 per cent of larger organizations have been victimized by a DDOS attack in the past 12 months.

Businesses are deploying a range security solutions to protect themselves –  Both small and large businesses are deploying multiple technology solutions to protect themselves from evolving cyber threats. These include antivirus software, hardware- and software-based firewalls, email encryption, as well as solutions that block malicious queries at the DNS level.

Despite investments in security the bad guys are still getting in – In the last year 19 per cent of companies report being hit by ransomware and 32 per cent report that their users had unwittingly divulged information to phishing tactics.

Individuals/homeowners are not adequately protected – As a group, when we asked about their personal experience, people are underinvesting in security solutions to protect their home networks. More than a third of respondents from this group do not pay for any security protection for their computers and mobile devices, despite reporting they are aware of the risks.


Between November 2017 and January 2018, we surveyed 1,985 Canadians who own at least one .CA domain registered to either a business or an institution (this includes non-profit organizations and government). The survey respondents were streamed into three main groups, based on how they use their .CA domain name. About 18 per cent of survey respondents use their domain for a personal website, usually a sole proprietor business; 74 per cent use it for a small business website, and the other 8 per cent use it for the website for an organization with more than 100 employees.

The vast majority of business professionals we surveyed report playing a significant role in their organization’s IT and security-related decision making. In the case of small business respondents 72 per cent indicated they are primarily responsible for the security and IT operations for their business, while 90 per cent of those working for larger organizations said they are involved in the security and IT decision-making process.

And finally, the online survey invitation was sent via an email with participation voluntary.

Respondant breakdown

 6% personal use but are IT decision makers, 8% are organizations with >100 employees,13% are individuals,

74% are organizations with 1-100 employees