Artificial intelligence is transforming how Canadian businesses operate—but it’s also rapidly changing the cyber threat landscape.
According to new global research from QBE, 1 in 3 Canadian businesses (33%) experienced a cyber incident in the past year that they believe involved AI. That’s a striking indicator of how quickly attackers are leveraging emerging technologies, and how urgently organizations need to adapt.
AI Adoption Is Surging Across Canada
AI is no longer experimental, it’s becoming foundational.
- 97% of Canadian businesses are now using or exploring AI
- 83% are actively using AI (up from 71% in 2025)
- Only 14% are still in the “exploring” phase (down from 23%)
The message is clear: AI is here, and adoption is accelerating.
Businesses are embracing AI primarily to:
- Increase operational efficiency (53%)
- Boost productivity (53%)
- Improve decision-making (42%)
- Drive revenue growth (41%)
- Enhance compliance and reduce risk (36%)
While these benefits are compelling, they come with new and evolving risks.
Cyber Threats Are Increasing, and AI Is Fueling Them
Cyber incidents are rising overall:
• 57% of Canadian businesses experienced at least one cyber event in the past 12 months (up from 53%)
• Phishing remains one of the most common attack methods, increasingly powered by AI
Even more concerning: attackers are finding new ways in through third-party vulnerabilities.
• 65% of cyber attacks were linked to suppliers or vendors (up from 58%)
• 63% of businesses are concerned about AI-related risks in their supply chain This highlights a critical shift, your risk doesn’t stop at your firewall.
The Business Impact Is Real
Cyber incidents are no longer just IT issues—they’re business issues.
- 58% of affected businesses reported revenue loss
- 16% experienced operational downtime of one day or more
- 65% are concerned about future cyber threats
Despite slightly lower concern compared to last year (78%), companies are taking action:
- 62% are increasing cybersecurity budgets (31% with inflation, 31% beyond)
- 72% now have cyber insurance (up from 67%)
- 83% have incident response plans in place
The Hidden Risk: Your Supply Chain
As AI becomes embedded into daily operations, third-party risk is emerging as one of the most significant vulnerabilities.
“AI risk doesn’t stop at the internal perimeter… weaknesses in the supply chain can quickly become risks to the business itself.” -Kyle Gray, Underwriter Team Lead, QBE Canada
Your vendors, partners, and service providers may be introducing risk, whether through poor data handling, weak AI governance, or unsecured systems.
What Businesses Should Be Doing Right Now
To stay ahead of AI-driven cyber threats, organizations need a proactive and structured approach.
Strengthen Your Cybersecurity Foundation
- Identify critical assets, threats, and vulnerabilities
- Define acceptable risk levels at a leadership level
- Prioritize mitigation strategies based on impact
- Regularly test incident response and recovery plans
- Stress test crisis management processes
- Continuously evolve defenses as threats change
Lock Down Third-Party Risk
-
- Implement strong identity and access management (IAM)
- Conduct regular configuration and security audits
- Encrypt sensitive data across all environments
- Evaluate vendors’ cybersecurity and AI governance practices
- Establish clear supply chain risk protocols
Final Thoughts: AI Is a Competitive Advantage, but Also a Risk Multiplier
AI is unlocking enormous gains in efficiency, productivity, and innovation. But as this technology becomes embedded into operations, it is also expanding the attack surface for cybercriminals.
For Canadian businesses, the takeaway is simple:
AI adoption must be matched with equally sophisticated cybersecurity strategies.