Skip to content

Canada's Business and Tech Newsroom

  • Professional Subscription
  • Partnerships & Advertising
  • Licensing & Syndication
Log In Subscribe
Welcome,
  • My Account
  • Log Out
  • Business
  • Tech
  • National
  • The Big Read
  • Briefings
  • Commentary
Search
Log In Subscribe
Welcome,
  • My Account
  • Log Out
News

Canada’s cybercrime fighters under-resourced and uncoordinated, auditor general finds

OTTAWA — Canada’s efforts to stop cybercriminals are scattered and under-resourced, and victims who report crimes to the wrong authorities stand a good chance of having their complaints just thrown away, the federal auditor general reported Tuesday.

News

Canada’s cybercrime fighters under-resourced and uncoordinated, auditor general finds

CRTC mired in dysfunction and hundreds of cyber-breach reports to cyber-defence agency simply deleted

By David Reevely
Public Safety Minister Dominic LeBlanc in a suit, speaking and gesturing with both hands. Procurement Minister Jean-Yves Duclos is standing next to him.
Public Safety Minister Dominic LeBlanc responds to reports by the federal auditor general in Ottawa, on June 4, 2024. Photo: The Canadian Press/Spencer Colby
Jun 4, 2024
A A
A Small A Medium A Large
Share

Gift

Share

OTTAWA — Canada’s efforts to stop cybercriminals are scattered and under-resourced, and victims who report crimes to the wrong authorities stand a good chance of having their complaints just thrown away, the federal auditor general reported Tuesday.

“We found breakdowns in response, coordination, enforcement, tracking and analysis between and across the organizations responsible for protecting Canadians from cybercrime,” auditor Karen Hogan’s report said.

Talking Points

  • Fighting cybercrime is a task divided among multiple federal agencies, victims are often confused about where to go, and the agencies don’t work together well, auditor general Karen Hogan reported
  • A single reporting point would help, Hogan said, but it shouldn’t take structural reforms for the RCMP, CSE or CRTC to know not to just discard information about online attacks and frauds because it went to the wrong place

Online crimes are already known to be a $531-million-a-year problem, based on limited 2022 figures, and “without prompt action, financial and personal information losses will only grow as the volume of cybercrime and attacks continues to increase,” the auditors found.

Responsibility for cybercrime is shared among different parts of the Royal Canadian Mounted Police, the Communications Security Establishment (CSE) defence agency, the Public Safety Department and the Canadian Radio-television and Telecommunications Commission (CRTC). 

“We found that these organizations have neither the capacity nor the tools to effectively fight cybercrime as cyberattacks grow in number and sophistication,” Hogan said in a news conference about her reports.

The public would be better served if there were a single place to go to report cybercrimes and attacks, she said. The various authorities have talked about creating one but have not.

Even so, Hogan said, the various agencies should be doing better: “You don’t need [a single report-taking window] to agree that if a report that comes to you now is not within your mandate, you should do something about it.”

Related Articles

A baby-blue hulled ship with a load of sea containers is docked beneath a row of towering red cranes.

Canada a ‘weak link’ among allies on economic security: Federal documents

By David Reevely
A silhouetted person uses a smartphone to record a voice message.

How Logic readers are dealing with the rise in digital fraud

By Aaliyah Dasoo

The Mounties are missing about 30 per cent of the staff they’re supposed to have to investigate cybercrime, the auditors found, and they aren’t even sure why: “The RCMP had not done an internal labour market analysis of its existing workforce, its workforce needs, and how employees advance within it,” the report said.

(The RCMP did tell the auditors that cyber experts can make more money in the private sector for similar work.)

Though the RCMP are the key investigators and enforcers, they aren’t the only ones with responsibility when it comes to cybercrime. Often, regular people don’t know where to turn, and they suffer for it, the audit report said.

The way the CSE-run Canadian Centre for Cyber Security handles reports of cyber incidents is symbolic of the confusion. More than a third of the reports it gets from individuals who believe they’ve been victims of cybercrime, it simply deletes, the auditors found.

The centre does a great job responding to high-priority cases, the auditors said, particularly ones involving the government or critical infrastructure. It moves fast, informs victims if they’re unaware they’ve been targeted, alerts enforcement partners like the Mounties and checks in with victims afterward.

But the cybersecurity centre isn’t a law-enforcement agency itself. Its mandate is to work with governments and private enterprises to keep them secure. Despite the extensive information it has for individuals worried about cybercrime and cyberattacks, helping cybercrime victims one-on-one isn’t its job.

The CSE would explain as much if you were a private citizen reporting a possible cybercrime to the agency in the two years the auditors examined, but only if you made your report by phone or email. If you filed one of the 1,870 such reports the agency got via its web reporting form in that period, you were out of luck.

The CSE's cybersecurity centre simply deletes more than a third of the reports it gets from individuals who believe they’ve been victims of cybercrime, auditors found. Photo: The Canadian Press/Sean Kilpatrick

Instead of being advised to take your report to the police, you’d hear nothing. The CSE would determine that your individual report was not its responsibility, and would neither reply nor forward your report anywhere, the auditors found.

The centre might not even have assessed your concern correctly, says the report: “The establishment’s Canadian Centre for Cyber Security deleted information from all out-of-mandate reports almost immediately. However, we found that the establishment did not have controls to ensure that reports were accurately assessed as being out of mandate before deletion.”

Hogan said often when agencies didn’t respond to reports, it was due to lack of resources or proper authority. This particular practice was “unique,” she said. She didn’t have an explanation.

“Canadians are going to find it confusing and probably frustrating that they don’t know what’s happened to a report,” Hogan said.

The CSE’s spokesperson Janny Bender Asselin told The Logic in an email that the agency can’t forward reports that are out of its bailiwick to other authorities because of privacy rules, but recognizes the concern.

“We are working with our federal partners to establish a single-window solution for reporting cyber incidents with the ultimate goal to ensure Canadians can always find the help they need,” she wrote.

A federal cyber-incident reporting portal now directs individuals to numerous other agencies, depending on the type of incident. 

Elsewhere, the CRTC is responsible for efforts to fight email spam, because it oversees internet providers. Spam messages are often the beginnings of cybercrimes—attempts to rip recipients off or steal their personal information—but the commission doesn’t do very much with cybercrime-related reports, the auditors found.

They estimated the CRTC got about 75,000 cybercrime-linked spam reports in 2022–23 alone. Over three years, the auditors said, it initiated just six investigations. Three of those have led to “enforcement actions” such as monetary penalties, which is as much as the CRTC is permitted by law to impose.

But in one of those cases, the commission acted bizarrely, the audit report says. It had used its spam-investigating authority to seize “electronic devices” from someone it subsequently learned was also under criminal investigation. CRTC investigators told police that they had taken the electronics, but when the police said they’d be getting a search warrant for the devices, the CRTC got permission from the owner to wipe the devices to avoid being served with the warrant.

The report does not say what possible crime was being probed or what happened to the investigation.

Even within the CRTC, the enforcement arm and the legal department don’t get along in ways that affect the commission’s effectiveness, the audit found. “We observed that there was a marked lack of trust and civility between these two teams,” the auditors reported.

Gift the full article

Public Safety Minister Dominic LeBlanc said in a statement that he welcomes the audit and its recommendations. Cybercrime is inherently complex and multijurisdictional, all the authorities need to work together, and Bill C-26—the cybersecurity law that has been plodding through Parliament for nearly two years—will help, he said.

“I have every confidence in our law enforcement and intelligence agencies’ ability to continue to keep Canadians safe online,” LeBlanc’s statement said.

#auditor general #CRTC #CSE #cybersecurity #Dominic LeBlanc #economy #Tech

Loading...

Thanks for sharing!

You have shared 5 articles this month and reached the maximum amount of shares available.

Close
This account has reached its share limit.

If you would like to purchase a sharing license please contact The Logic support at [email protected].

Close
Want to share this article?

Upgrade to all-access now

Close
Gift the full article!

You have gifted 0 article(s) this month and have 5 remaining.

Copy link and gift
Copy Link
Email to a friend
Send Email
Gift on Social Media

Recipients will be able to read the full text of the article after submitting their email address. They will not have access to other articles or subscriber benefits.

Public Safety Minister Dominic LeBlanc in a suit, speaking and gesturing with both hands. Procurement Minister Jean-Yves Duclos is standing next to him.

Photo: The Canadian Press/Spencer Colby

The CSE's cybersecurity centre simply deletes more than a third of the reports it gets from individuals who believe they’ve been victims of cybercrime, auditors found.

Most Popular This Week

A shot of a placard on a table reading "Let Alberta Decide." There is a person out of focus in the foreground wearing a cowboy hat.
The Big Read

What Alberta’s corporate heavyweights really think about separation

By Meghan Potkins
Carney and Trump at a photo op in Sharm El-Sheikh, Egypt, against a white backdrop that features a peace-themed logo for the gathering. Carney is leaning toward a scowling Trump and pointing his index finger at the U.S. president.
News

The U.S. has chosen not to extend CUSMA. Here’s what happens next

By Joanna Smith
A person in glasses and a blue top is sitting and typing on a laptop in an office. A desktop screen next to the laptop displays some blurred-out coding work.
News

A niche white-collar role is becoming the AI industry’s hot new job

By Anita Balakrishnan
A logo that reads AI in blue lettering against a light yellow background.
News

What happened when a VC firm let AI do almost everything

By Catherine McIntyre

In-depth, agenda-setting reporting

Great journalism delivered straight to your inbox.

Nakisa CEO Babak Varjavandi in a screencapture from the floor of a tech show. He's wearing a suit jacket and open-collared shirt.
News

Canadian firms are ready to help with digital sovereignty. Their challenge is getting approved

By Laura Osman

Briefing

Radical Ventures leads US$130M financing for AI model maker Prime Intellect

By Murad Hemmadi   |   Jul 9, 2026 | 3:58 PM ET

Intact warns of larger-than-expected losses from extreme weather and fire claims

By Anita Balakrishnan   |   Jul 9, 2026 | 3:55 PM ET

Quebec government greenlights 50-year, $2.5B energy deal with Innu community

By Martin Patriquin   |   Jul 9, 2026 | 3:32 PM ET

Best business newsletter in Canada

Get up to speed in minutes with insights and analysis on the most important stories of the day, every weekday.

Exclusive events

See the bigger picture with reporters and industry experts in subscriber-exclusive events.

Membership in The Logic Council

Membership provides access to our popular Slack channel, participation in subscriber surveys and invitations to exclusive events with our journalists and special guests.

Recent Popular Stories

The Big Read

What Alberta’s corporate heavyweights really think about separation

By Meghan Potkins   |   Jul 2, 2026
A shot of a placard on a table reading "Let Alberta Decide." There is a person out of focus in the foreground wearing a cowboy hat.
News

A niche white-collar role is becoming the AI industry’s hot new job

By Anita Balakrishnan   |   Jun 30, 2026
A person in glasses and a blue top is sitting and typing on a laptop in an office. A desktop screen next to the laptop displays some blurred-out coding work.
News

What happened when a VC firm let AI do almost everything

By Catherine McIntyre   |   Jun 29, 2026
A logo that reads AI in blue lettering against a light yellow background.
News

Carney’s new deal for B.C. paves way for West Coast pipeline

By David Reevely and Meghan Potkins   |   Jul 2, 2026
Workers position pipe during construction of the Trans Mountain pipeline expansion in Abbotsford, B.C., in May 2023.
Analysis

Canada’s ETF industry is almost a trillion-dollar business

By Chaimae Chouiekh   |   Jul 3, 2026
Despite a down year a sign board displays the TSX's upbeat close on the final day of the year, in Toronto's financial district on Monday, Dec. 31, 2018.
Analysis

It turns out Trump does need something from Canada—aluminum

By Joanna Smith   |   Jun 25, 2026
A close-up of a made-in-Canada stamp on the end of a cylindrical piece of raw aluminum.

Canada's most influential executives and policymakers are reading The Logic

  • CPP Investments
  • Sun Life Financial
  • C100
  • Amazon
  • Telus
  • Mastercard
  • bdc
  • Shopify
  • Rogers
  • RBC
  • General Motors
  • MaRS
  • Government of Canada
  • Uber
  • Loblaw Companies Limited
logic-logo

Canada's Business and Tech Newsroom

100% human-crafted journalism

Newsroom

  • News Tips
  • AI Policy
  • Editorial Disclosures
  • Story Pitches

Company

  • About Us
  • Terms of Service
  • Privacy Statement
  • Corporate Information

Contact

  • Contact Us
  • Advertise
  • FAQs
  • Work at The Logic

© 2026 The Logic Inc. All Rights Reserved.

Trusted by leaders

Error

Account creation failed.

Please email us at [email protected].

Create Account

[wppb-register form_name=”cozmo-registration-form-for-modal”]

I do have an account
Login
or

[wppb-login]

I don’t have an account