The National Cyber Threat Assessment 2025–2026

Canada’s National Cyber Threat Assessment 2025–2026 explains the biggest cyber risks to Canadians, including ransomware, state threats, AI-enabled scams, and supply-chain vulnerabilities.

The National Cyber Threat Assessment 2025–2026 outlines the evolving cyber threat landscape facing individuals and organizations in Canada over the next two years. It explains how cyber threats intersect with national security, economic stability, and the delivery of essential services.

The assessment describes a cyber environment shaped by increasing connectivity, geopolitical tension, and rapid technological change. Threat actors are becoming more capable, better resourced, and more coordinated. Both state-sponsored and criminal actors continue to target Canadian interests. The report emphasizes that cyber activity is now a persistent feature of international competition.

State-sponsored cyber threat actors remain a central concern in the assessment. Countries such as the People’s Republic of China, Russia, and Iran use cyber operations to advance strategic, political, and economic objectives. These activities include espionage, intellectual property theft, influence operations, and preparation for potential disruption. Canada is assessed as a likely target due to its alliances, global presence, and advanced digital infrastructure.

Cybercrime continues to pose a significant and growing risk to Canadians. The assessment highlights the expansion of the cybercrime-as-a-service ecosystem, which lowers the barrier to entry for criminal activity. This model allows specialized tools, stolen data, and access services to be bought and sold online. As a result, a wider range of actors can carry out sophisticated attacks with limited technical expertise.

Ransomware is identified as the most serious cybercrime threat to Canada’s critical infrastructure. These attacks disrupt essential services and can affect public safety, economic activity, and trust in institutions. Ransomware actors are assessed as likely to escalate extortion tactics and improve their ability to evade law enforcement. The report notes that victims face increasing pressure to pay ransoms to restore operations.

The assessment explains how cyber threat actors are adapting their tradecraft to avoid detection. Techniques such as living-off-the-land, abuse of legitimate tools, and exploitation of trusted services are becoming more common. These methods make malicious activity harder to distinguish from normal operations. As a result, detection and attribution are increasingly challenging.

Emerging technologies are reshaping the threat landscape. Artificial intelligence and automation are enabling faster reconnaissance, more convincing social engineering, and scalable disinformation campaigns. Dual-use technologies and commercial services can be repurposed by threat actors. The assessment notes that innovation benefits defenders and adversaries alike.

Supply chains and vendor ecosystems are highlighted as areas of growing vulnerability. Concentration of services and reliance on a small number of technology providers increase systemic risk. A single compromise can have cascading effects across multiple organizations. The report stresses that these dependencies require greater visibility and coordinated risk management.

Non-state actors motivated by ideology or geopolitics are contributing to unpredictability in cyberspace. Hacktivist groups may act independently or align loosely with state interests. Their activities can amplify tensions and create disruptive effects without formal state direction. This blurring of roles complicates response and deterrence efforts.

The assessment underscores that cyber threats affect organizations of all sizes. Small and medium-sized organizations often lack the resources of larger entities but remain attractive targets. Individuals are also exposed through fraud, identity theft, and influence operations. Cyber resilience is therefore described as a shared responsibility across society.

Building resilience requires understanding how threats are likely to evolve. The assessment provides forecasts to help organizations anticipate future risks rather than react only to past incidents. It emphasizes the importance of collaboration between government, the private sector, and the public. Shared awareness supports more coordinated and effective defensive measures.

Readers often ask where to focus attention in a complex threat environment and how to balance competing priorities. This assessment is designed to address those questions in a structured and practical way. It supports informed decision-making, risk prioritization, and long-term planning without requiring deep technical expertise.

This is a public document intended for broad distribution and citation. Document status: UNCLASSIFIED. Publisher: Canadian Centre for Cyber Security, Communications Security Establishment Canada. Intended audience: individuals, organizations, and decision-makers seeking an overview of current and emerging cyber threats to Canada.

• Click here to download