Get the Latest Findings from CDW’s 2025 Canadian Cybersecurity Study
The 2025 CDW Canadian Cybersecurity Study examines how organizations in Canada are responding to the evolving cybersecurity landscape, identifying critical trends, challenges and best practices shaping their defence strategies. The report provides insights into the adoption of AI, the effectiveness of zero-trust strategies, security testing maturity, improvements in detection and response capabilities, and the rising reliance on MDR services.
Our findings offer key insights into how organizations can improve their security posture, refine their security investments and align security strategies with real-world operational needs.
Data Highlights
The Canadian threat landscape is evolving.
Here's what we found:
While attack volume is declining, the number of successful cyberincidents remains steady, suggesting that attackers are becoming more effective at bypassing defences.
Infection rates
remain high
86,5% of respondents in 2024 experienced a security incident in the past 12 months.
Denial of service (DoS) attacks remain steady
Medium-sized organizations saw an increase from 41% in 2024 to 43% in 2025.
Organizations experience an average of 20-25 incidents per year, across DoS, infiltration, breaches and cloud incidents.
Large enterprises experienced a significant decline in attack volume, while small organizations saw a slight increase in 2025.
Cloud-related
incidents increased
Smaller organizations experienced a rise from 47% in 2024 to 50% in 2025.
For a full breakdown of attack trends, download the full report.
Maturity of Canadian Cybersecurity Programs
The study is based on survey data from organizations of varying sizes, analyzing cybersecurity maturity and the factors influencing cyber resilience. Organizations were segmented into four maturity categories – Reactive Defence, Foundational Protection, Operational Resilience and Strategic Security – to explore differences in threat detection, security validation and response capabilities.
Security maturity directly influences an organization’s ability to prevent cyberincidents, improve response times and implement AI and zero-trust models successfully. For a full breakdown of cybersecurity maturity level attributes and their significance across the key findings, download the full report.
Reactive Defence
Strategic Security
Foundational Protection
Operational Resilience
Cybersecurity Challenges Faced by Canadian Organizations
Cyberthreats are evolving rapidly, and Canadian organizations must adapt by implementing more resilient security measures. However, despite increased awareness and investment in cybersecurity, this study highlights a major gap between security strategy and operational execution. Organizations struggle with implementing zero trust, adopting AI for cybersecurity and modernizing security testing approaches to align with cloud environments.
The five key findings of this study focus on how Canadian organizations are managing cybersecurity risks and what’s holding them back:
Key Finding 1
GenAI Adoption Stalls
Canadian Organizations Struggle with Privacy, Skills and Technical Challenges, Leaving GenAI Largely in the PoC Stage
Canadian organizations conducted 17 GenAI PoCs between 2023 and 2024, yet only 28,2 % of these PoCs transitioned into full production, highlighting the barriers that stall GenAI adoption and prevent organizations from fully realizing its benefits.
Key Finding 2
Security Testing Pays Off
Annual Testing Reduces Breach Risk, Helping Canadian Organizations Reduce Serious Security Incidents
Security testing remains one of the most effective tools for reducing cyberthreats, yet many organizations have not adapted their security testing practices for cloud environments. 81 % of respondents stated that penetration testing uncovered vulnerabilities that could prevent future incidents.
Key Finding 3
Detection and Response Get a Boost
Canadian Security Teams Adopt Advanced Threat Detection Technologies, Driving Steady Improvements in Response Times
Organizations are seeing notable improvements in threat detection, response and recovery times, largely due to the adoption of EDR and XDR solutions. XDR adoption surged to 63,5 %, up from 42 % in 2022, showing a clear shift towards more comprehensive threat detection.
Key Finding 4
Zero Trust in Theory, Shortfalls in Practice
Canadian Organizations Find it Challenging to Translate Strategy and Assessments into Actionable Progress
Zero trust has become a cornerstone of modern cybersecurity, yet many Canadian organizations struggle with its implementation. Zero-trust adoption is strongest in organizations with higher security maturity, reinforcing the importance of security program development.
Key Finding 5
Preventing Breaches and Accelerating Response
Canadian Organizations Turn to MDR Providers for Enhanced Threat Detection and Response Capabilities
MDR services are becoming a critical security component, offering expert-led threat detection, response and remediation. 41 % of organizations have adopted MDR services, and an additional 37 % plan to do so.
4 Cybersecurity Recommendations for Canadian Organizations
Canadian organizations can strengthen their security posture and enhance cyber resilience in an increasingly complex threat landscape by taking these steps.
For detailed essential guidance on these recommendations, download the full report.
