North American organizations are vulnerable to cyberattacks, such as ransomware. The data in this working paper is compiled from eSentire, a Canada-based global cybersecurity firm with clients in 35 industries, 71 subindustries and 85 countries. The data has been cleaned to reflect cyberattacks eSentire detected and responded to in North America from January to December 2023. Cybercriminals and state-sponsored threat actors have impacted Canadian organizations. Most recently, cyberattacks have affected Canadian businesses and organizations such as Sobeys, Suncor, Sick Children’s Hospital, Global Affairs Canada and the Royal Canadian Mounted Police. In 2021, there were a reported 235 ransomware attacks against Canadian industry; those attacks cost $6.35 million on average. This working paper uses open-source reporting from organizations that experienced cyberattacks, government agency reporting and quantitative analysis using eSentire’s internal data set on cyberattacks detected and responded to in customer environments in North America. This data set demonstrates the value of managed detection and response firms and how they have helped to reduce the cost of cyberattacks to North American organizations by preventing attacks before they have serious financial consequences. The findings of this research are applicable to policy makers crafting legislation for better controls to minimize the impact of cyberattacks against Canadian industry: specifically, in creating cybersecurity programs and reporting cybersecurity incidents. This research will be directly applicable for Bill C-26, “An Act respecting cybersecurity.”
