Canada’s Cybersecurity Gap Needs To Be Addressed Now

Originally published in The Hill Times. Co-Authored by: Ulrike Bahr-Gedalia, Senior Director, Digital Economy, Technology and Innovation, and Cyber. Right. Now. Council Lead, Canadian Chamber of Commerce; David Shipley, CEO, Beauceron Security, and Cyber. Right. Now. Council Co-Chair

Canada faces an escalating wave of cyber threats that directly endanger the critical infrastructure and essential services Canadians rely on every day. From the disruption of municipal services as seen in Hamilton to delayed medical treatments due to ransomware attacks on hospitals to the billions lost by Canadians because of cyber-enabled fraud, we find ourselves confronting the realities of a sophisticated cyber dark-age with insufficient defenses.

That’s not to say we aren’t making some progress in correcting this alarming situation — there have been recent strides in securing federally regulated sectors like banking, transportation, telecommunications and energy transmission; as well as the Government of Canada’s announced funding for boosting the cyber resilience of critical infrastructure, including government departments. But these measures alone are not enough. Especially since Canada’s cybersecurity ecosystem resembles a medieval castle — robustly protecting the government but leaving the broader domain of provinces, municipalities and businesses vulnerable.

Passing Bill C-26 this spring and refining its regulations over the next year has never been more critical. However, this legislation is only part of the work needed to address Canada’s cybersecurity gap.

Effective defense against cyber threats requires robust two-way communication between government agencies and the private sector. Currently, barriers, chief among them concerns over privacy and legal repercussions, inhibit this essential exchange. Government can incentivize the private sector to share threat data by offering legal protections, financial rewards and enhanced cybersecurity support.

Such offerings will not only foster greater participation by business but also promote digital trust and ensure that both public and private sectors can respond to threats with agility and coordinated precision. Improved collaboration will prevent cyber criminals from exploiting the weaknesses in our patchwork of regulations and outpacing our defensive efforts.

A national summit on ransomware is one example of taking a proactive step towards uniting stakeholders against this pervasive threat and setting a strategic agenda to bolster Canada’s digital defenses.

Alongside increased collaboration, we also need to continue advancing cybersecurity in national discourse and through intergovernmental work with provinces and municipalities. Elevating the parliamentary secretary for cybersecurity to a cabinet-level position would equate Canada declaring that cybersecurity is a top government priority, crucial for our country’s national interest. A full-seat cabinet role means improved resources, streamlined decision-making, a clear mandate for rapid action, and accountability for collaboration and coordination — all the necessary measures for strengthening our cybersecurity posture and safeguarding the digital economy that Canadians are increasingly dependent on.

However, no cybersecurity defense strategy would be complete without measures to empower small- and medium-sized enterprises (SMEs) with the resources and capabilities to fend off cyber-attacks. Making up 98% of all businesses, SMEs are the backbone of Canada’s economy, yet many lack the financial resources and expertise to effectively respond to cyber-threats, making them easy targets. By redirecting funding from lower-priority government spending to a dedicated SME Cyber Defence Fund, Canada can help SMEs improve their cyber resilience and close the cybersecurity investment gap.

The stakes are high. The time for decisive action is now. If Canada is to have a hope of surpassing or at least catching up to cyber criminals — and our allies — we need to move from fragmented and reactive to unified and proactive.

Through an updated national cybersecurity strategy that includes robust information-sharing mechanisms, increased collaboration and coordination between government and private sector, a full cabinet position and help for SMEs, we can safeguard our economy and enhance the prosperity of all Canadians.  

Bill C-26 is a starting point but should be viewed as the foundation upon which we build a more resilient cybersecurity framework and national strategy that is inclusive of all Canadians. And while we’re at it, why not also position ourselves as a leader in global cybersecurity efforts.