Auditor General Karen Hogan tabled a report today in the House of Commons revealing that the federal government lacks the capacity and tools to effectively combat cybercrime, amidst a rising number and complexity of cyberattacks. The audit identified breakdowns in response, coordination, tracking, and information sharing among the organizations responsible for protecting Canadians from cyber threats.
In 2022, victims of fraud reported financial losses totaling $531 million to the Canadian Anti-Fraud Centre, with three quarters of these reports related to cybercrime. Shockingly, the centre estimates that only 5% to 10% of cybercrimes are actually reported.
The audit highlighted that many incidents were reported to the wrong organizations, which often failed to redirect them to the appropriate authorities. For instance, between 2021 and 2023, Communications Security Establishment Canada deemed almost half of the 10,850 reports it received were outside its mandate because they pertained to individual Canadians rather than organizations. However, affected individuals were not informed to report their situations to another authority.
The Royal Canadian Mounted Police (RCMP) faced delays in deploying its National Cybercrime Solution, an information technology system designed to simplify cybercrime reporting, provide a shared cybercrime database for Canadian law enforcement agencies, and enable cross-referencing of domestic and international malware samples. The audit also noted that the RCMP struggled to fill positions in its cybercrime investigative teams, with an estimated 30% of positions vacant as of January 2024.
“The current system for reporting cybercrime incidents is confusing and does not meet the needs of individuals reporting these crimes,” said Ms. Hogan. “While the RCMP, Communications Security Establishment Canada, and Public Safety Canada have discussed implementing a much-needed single point for Canadians to report cybercrime, this has yet to happen.”
The report underscores the urgent need for a cohesive strategy to address cybercrime, improve incident reporting, and strengthen the response capabilities across all organizations involved in cybersecurity in Canada.