TORONTO — A new report shows the global average cost of a data breach dropped for the first time in five years — but not in Canada.
The average cost of a breach between March 2024 and February 2025 was $6.4 million, down from $6.6 million a year earlier, showed research released Wednesday from technology giant IBM and the Ponemon Institute, a U.S.-based cybersecurity research centre.
While global costs are decreasing because of shorter breach life cycles, expenses related to these attacks have risen in Canada, IBM Canada’s security delivery leader Daina Proctor said.
The average cost of a Canadian breach soared 10.4 per cent to $6.98 million in the latest year studied from $6.32 million the year before.
Canada’s average is higher because detection and escalation costs, which cover forensic investigators, regulatory responses, legal counsel and crisis communications, have risen, Proctor said.
Detection costs now average $470,000 in Canada, while post-breach recovery costs hover around $270,000.
At the same time, Canada is facing rising costs because of “slower adoption of AI-driven defences and governance gaps,” Proctor said in an email.
In the last year, cybersecurity issues have been reported at Nova Scotia Power, the College of New Caledonia in Prince George, B.C., and PowerSchool, the maker of education software used by many Canadian schools.
Breaches can be expensive because they can be difficult to detect, and assessing and recovering from them can be tedious, time-consuming work requiring many professionals and, sometimes, interruptions for customers and workers.
Most countries have seen fees associated with a breach drop because it’s taking less time to investigate breaches.
Yet several countries including Canada bucked that trend.
IBM and Ponemon’s research showed the cost of data breaches also rose in the U.S., India, the Association of Southeast Asian Nations and Benelux — the economic union of Belgium, the Netherlands and Luxembourg.
Average breach costs in the United States reached a record US$10.22 million, an increase of nine per cent from last year.
When the research analyzed 600 organizations impacted by data breaches, it found the most expensive attacks hit the health care sector, followed by the financial, industrial and energy industries.
In many instances, hackers made use of shadow artificial intelligence — when workers use AI without employer approval or oversight.
“Shadow AI has become one of the biggest blind spots for organizations today,” Proctor said. “Employees are adopting AI tools to boost their productivity, but without oversight, they are inadvertently creating vulnerabilities.”