Skip to content
EY cybersecurity graphic

Cybersecurity threat outlook 2025

Nick Galletto

EY Canada, National Cybersecurity, Strategy, Risk, Compliance and Resilience Leader

12 minute read 14 May 2025
Related topics
Cybersecurity
Consulting
Risk
Managed services

Contributor :  Umang Handa EY Canada, National Cybersecurity Managed Services Leader

As once-emerging technologies like AI, Internet of Things (IoT) and 5G spark innovative momentum within Canadian organizations, they’re also changing the risk landscape. Layer in geopolitical tension, financial pressure and global disruption — and the operating environment becomes even more complex.

At 66%, Chief Information Security Officers (CISOs) are more likely than the rest of the C-suite to worry that cybersecurity threats are more advanced than organizational defences.1

How EY can help

In the face of all this volatility, cyber threats and breaches plagued businesses here throughout 2024. We’ve developed this report to help you understand these risks and strengthen your defences in the face of ongoing threats.
 

In this EY report, we outline:
  

  •  Which cyber threats dominated in 2024 and loom large in 2025.
  • How these threats are changing in light of geopolitical, technological and social shifts.
  • Steps C-suite and operational leaders can take to bolster cybersecurity in this unpredictable environment.

    1. Ransomware: Fuelled by affiliate programs and ransomware-as-a-service (RaaS) schemes 

    2. State-sponsored threat actors: Led by China and Russia

    3. High-profile vulnerabilities: Ranked 8 or higher out of 10 in terms of severity

    4. Cloud environment threats: Reflected global trends and escalations

    5. Supply chain attacks: Focused on exploiting vulnerabilities in third-party vendors, suppliers or service providers

    6. Phishing schemes: Built around business email compromise (BEC) and hybrid phishing attempts

    7. Data breaches due to third-party vendor compromise: Geared to exploit weak security and access sensitive data or networks

    8. IoT environment threats: Designed to go after organizations relying on digital infrastructure

    9. DDoS attacks: Initiated to exhaust resources like bandwidth or memory

    10. Deepfake-driven attacks: Intended to bypass traditional controls and use psychological manipulation

Looking forward, how can Canadian organizations strengthen resilience in this environment?

Upheaval, uncertainty and disruption create prime environments for cybercrime. Those drivers continue to proliferate in 2025 so far. In a market where cybercrime is advancing exponentially year over year, organizations — specifically leaders steering the cybersecurity charge — must embrace an always-on approach to succeed.

This year and going forward:

  • CEOs must drive cybersecurity resilience and a security-first mindset to align with business goals amid persistent digital threats.
  • CISOs must turn executive vision into defences against evolving threats through proactive management, foresight and coordination.
  • Cybersecurity operations teams must tackle daily threats with innovation and AI with a balance of security and efficiency.

Explore specific threats and dig deeper into actions you can take to head off trouble at the curve

Read the full EY Canada cybersecurity threat outlook for 2025.

Download now

Summary

The EY Canada 2025 cybersecurity threat outlook report shares steps leaders can take to double down on cybersecurity in a constantly evolving threat landscape.

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
You are visiting EY ca (en)
ca en