IT Brief Canada - Technology news for CIOs & IT decision-makers
Canada
Canadian firms flag AI-linked cyber risks from suppliers
Data Protection Digital Transformation CX

Canadian firms flag AI-linked cyber risks from suppliers

Thu, 21st May 2026 (Today)
Sofiah Nichole Salivio
SOFIAH NICHOLE SALIVIO News Editor

One in three Canadian businesses experienced a cyber incident in the past year that they believed involved artificial intelligence, according to QBE. The finding is based on a survey of 400 decision-makers at medium-sized businesses in Canada.

Across the wider market, 57% of Canadian businesses reported at least one cyber event over the past 12 months, up from 53% a year earlier. Among those affected, 65% linked at least one attack to a supplier, and 58% said the incident led to lost revenue.

The figures suggest growing concern about risks tied to third-party providers as companies adopt artificial intelligence more widely in day-to-day operations. Nearly two-thirds of Canadian businesses, 63%, said they were concerned about risks arising from how their suppliers use AI.

Artificial intelligence use is now close to universal among the companies surveyed. QBE found that 83% of Canadian businesses are already using AI, up from 71% a year earlier, while a further 14% are considering it.

Businesses said they were introducing the technology mainly to improve efficiency and productivity, with 53% citing each goal. Other reasons included improving decision-making at 42%, growing revenue at 41%, and improving compliance and reducing risk at 36%.

Phishing remained one of the most common attack methods among incidents respondents believed involved AI. The research did not provide a full ranking of attack types, but identified phishing as a frequent method.

Supplier risk

The survey suggests companies are taking steps to manage risks from their own AI deployments, including staff training on responsible use, checks on data quality and monitoring outputs for bias. Even so, concern appears to be shifting beyond internal systems to outside partners.

"As new technologies such as AI become embedded in operations, effective risk management remains fundamental to ensuring sustainable and resilient growth," said Kyle Gray, Underwriter Team Lead, QBE Canada.

That shift is reflected in the share of businesses linking cyber incidents to suppliers. The proportion of affected companies reporting a supplier-related attack rose to 65% from 58% a year earlier.

"AI risk doesn't stop at the internal perimeter. Organisations need the same level of discipline and oversight across their third-party ecosystem, because weaknesses in the supply chain can quickly become risks to the business itself," Gray said.

Budgets rise

Despite the increase in reported cyber events, the share of respondents concerned about cyber threats over the next year fell to 65% from 78%. That lower level of concern has not stopped companies from allocating more money to cybersecurity.

QBE found that 31% of respondents expected their IT cybersecurity budget to rise in line with inflation over the coming year, while another 31% expected increases above inflation. The insurer also found that 72% now have cyber insurance, compared with 67% a year earlier.

Preparation for incidents has also increased, with the share of businesses that have an incident response plan rising to 83% from 79%.

Disruption from attacks remains significant for a smaller but still notable group of companies. Overall, 16% of Canadian businesses said they had experienced a cyber event in the past year that caused business interruption lasting at least one working day, down from 18% a year earlier.

The Canadian findings are part of a wider study covering 15 countries and more than 6,000 businesses. In Canada, the sample included decision-makers in IT, administration or insurance at companies with 100 to 2,000 employees.

The research comes as businesses weigh the benefits of artificial intelligence against a changing threat landscape. For many companies, the same tools that promise efficiency gains are also raising new security questions around internal controls, data use and supplier oversight.

Among the businesses surveyed, 36% said they were using AI to drive innovation, 36% to improve customer experience and retention, 36% to build competitive advantage, and 35% to increase agility. A further 28% said they were using it to enable personalisation at scale.

The data also suggests AI adoption in Canada is moving from experimentation to broader use. With 97% of businesses either using the technology or exploring it, cyber risk management is becoming more closely tied to procurement, vendor oversight and business continuity planning.

Image: Kyle Gray, Underwriter Team Lead, QBE Canada
Related stories
FIFAI panel report sets 'AGILE' guide for AI in finance
SMBs adopt AI faster than they secure it, Sage says
Jazz urges stronger IP safeguards amid AI data leaks
API attacks surge as AI exposure raises cyber risk
KnowBe4 launches Agent Risk Manager for AI agent security
Top stories
Selector launches AI multi-cloud observability for hybrids
Valkey 9.1 cuts memory use & boosts security tools
Druid AI report finds sector gaps in live agent use
Cloudflare launches Claude agent environments with Anthropic
National Bank of Canada teams up with Sardine on fraud