A new report shows that the average global cost of data violation has decreased for the first time in five years, but not in Canada.
Thus, it cost an average of 6.4 million dollars on average between March 2024 and February 2025, against 6.6 million a year earlier, according to a study published Wednesday by the IBM technological giant and the Ponémon Institute, a cybersecurity research center based in the United States.
While global costs fall due to shorter life cycles of violations, expenses related to these attacks increased in Canada, underlines Daina Proctor, security manager at IBM Canada.
The average cost of these convidentiality incidents in Canada climbed 10.4 % to $ 6.98 million in the last year studied, compared to 6.32 million in the previous year.
If the Canadian average is higher, it is because of the increase in detection costs and their climbing, which cover judicial investigators, regulatory interventions, legal advice and crisis communications, explains Ms. Proctor.
Detection costs are now on average $ 470,000 in Canada, while recovery costs after a violation oscillates around $ 270,000.
Governance gaps
At the same time, Canada is faced with an increase in costs due to “slower adoption of defenses based on artificial intelligence (AI) and governance gaps”, adds Daina Proctor in an email.
Last year, cybersecurity problems were notably reported to Nova Scotia Power, at the Columbia-British Columbia Columbia Columbia, and the educational software manufacturer used by many Canadian schools.
Violations can be expensive because they can be difficult to detect, and assess and recover them can be tedious and time -consuming work, requiring many professionals and sometimes interruptions for customers and employees.
Most countries have found a drop in costs associated with a violation, as surveys take less time.
However, several countries, including Canada, have resisted this trend.
The cost of data violations has also climbed to the United States, India, in the Association of Nations of Southeast Asia and the Benelux (the Economic Union bringing together Belgium, the Netherlands and Luxembourg), showed the study of IBM and ponon.
In the United States, the average cost of these confidentiality incidents reached the record figure of US $ 10.22 million (around $ 14.11 million CA), an increase of 9 % compared to last year.
The most expensive attacks affected the health sector, followed by the financial, industrial and energy sectors, revealed this analysis of 600 organizations concerned.
The issue of unauthorized AI uses
In many cases, computer hackers have used a ghost artificial intelligence, that is to say when employees use AI without the approval or supervision of their employer.
“The ghost AI has become one of the main dead angles of organizations today,” says Daina Proctor, from IBM Canada. Employees adopt AI tools to increase their productivity, but without supervision, they involuntarily create vulnerabilities. ”
Ghost AI systems often process sensitive data and interact with external systems on which companies have no control. “Once the attackers exploit these flaws, cascade effects can exhibit entire systems and supply chains to significant violations,” explains Ms. Proctor.
Some 20 % of the organizations studied said that they had suffered a data violation due to security incidents involving ghost.
Global organizations that have a high level of use of the ghost AI have specified that the use of this technology has added $ 967,011 to the average cost of data security involvement, compared to those with a low or zero level of a ghost.
The incidents involving the ghost AI also led to greater compromise of identifiable personal information and intellectual property.
To cope with the risks associated with the ghost AI, Daina Proctor maintains that companies must provide their employees with more approved AI tools and perform regular audits in order to detect gaps in their offers and employee compliance.
