National Cyber Threat Assessment 2025-2026: Key Insights
Executive Summary
Canada is confronting an increasingly complex and aggressive cyber threat landscape, characterized by a growing array of state and non-state actors targeting national security and critical infrastructure. State adversaries are evolving beyond traditional espionage, pre-positioning within critical networks for potential future disruptive attacks and combining cyber operations with online information campaigns to intimidate and influence public opinion.
The People's Republic of China (PRC) represents the most sophisticated and active state-sponsored cyber threat to Canada, engaging in extensive espionage, intellectual property theft, and transnational repression. Russia's cyber program aims to confront and destabilize Canada and its allies, while Iran is expanding its coercive and disruptive cyber operations beyond the Middle East.
Concurrently, cybercrime remains a pervasive and disruptive force, sustained by a resilient and interconnected Cybercrime-as-a-Service (CaaS) ecosystem. This model lowers the barrier to entry for malicious actors and fuels the growth of threats. Ransomware has emerged as the most impactful cybercrime threat, particularly against Canada's critical infrastructure, with actors escalating their extortion tactics to maximize profits. Ransomware incidents and associated payments reached record highs in 2023, a trend expected to continue as threat actors refine their capabilities and exploit digital supply chains.
Overview of the Threat Assessment
This briefing synthesizes the key findings of the National Cyber Threat Assessment 2025-2026 (NCTA 2025-2026), published by the Canadian Centre for Cyber Security (Cyber Centre), part of the Communications Security Establishment (CSE). The assessment, based on classified and unclassified information available as of September 20, 2024, concludes that Canada has entered a "new era of cyber vulnerability" where cyber incidents have cascading and disruptive effects on the daily lives of Canadians.
The report's analysis uses estimative language to convey the probability of its judgements, based on a rigorous assessment methodology.
Estimative Language | Probability |
Almost certain | 95% - 100% chance |
Very likely / Very probable | 80% - 95% chance |
Likely / Probable | 60% - 80% chance |
Roughly even chance | 40% - 60% chance |
Unlikely / Improbable | 20% - 40% chance |
Very unlikely / Very improbable | 5% - 20% chance |
Almost no chance | 0% - 5% chance |
--------------------------------------------------------------------------------
1. State-Sponsored Cyber Threats
State adversaries are leveraging a complex and expanding cyber ecosystem to conduct operations that extend beyond espionage to include disruptive attacks and influence campaigns. The cyber programs of the PRC, Russia, and Iran are identified as the greatest strategic threats to Canada.
