2024 Reports 5 to 7 of the Auditor General of Canada to the Parliament of Canada—Canada’s response to cybercrime hindered by government’s siloed, disconnected approach

2024 Reports 5 to 7 of the Auditor General of Canada to the Parliament of CanadaCanada’s response to cybercrime hindered by government’s siloed, disconnected approach

Ottawa, 4 June 2024—A report from Auditor General Karen Hogan tabled today in the House of Commons concludes that the federal government does not have the capacity and tools to effectively fight cybercrime, including to address the growing number and sophistication of cyberattacks. The audit found breakdowns in response, coordination, tracking, and information sharing between and across the organizations responsible for protecting Canadians from cybercrime. In 2022, victims of fraud reported financial losses totalling $531 million to the Canadian Anti‑Fraud Centre. Three quarters of these reports were cybercrime related. The centre estimates that only 5% to 10% of cybercrimes are reported.

There are many organizations that play a role in combatting cybercrime. Effectively addressing cybercrime depends on reports going to the organizations best equipped to receive them and on those organizations acting on these reports. The audit found many incidents that were reported to the wrong organizations and where organizations did not respond or redirect the reports they received. For example, between 2021 and 2023, Communications Security Establishment Canada deemed that almost half of the 10,850 reports it received were out of its mandate because they related to individual Canadians and not to organizations. However, it did not inform many of these individuals to report their situations to another authority.

The Royal Canadian Mounted Police (RCMP) has experienced delays in deploying its National Cybercrime Solution, an information technology system meant to make it easier for victims to report cybercrimes, provide a shared cybercrime database for Canadian law enforcement agencies, and allow the cross-referencing of domestic and international malware samples. The audit also found that the RCMP struggled to staff its cybercrime investigative teams. The audit estimated that as of January 2024, 30% of positions across all teams were vacant. In our view, having a plan to reduce human resource gaps across all organizations involved in fighting cybercrime, including the RCMP, is an important component of a National Cyber Security Strategy.

“The current system for reporting cybercrime incidents is confusing, and it does not meet the needs of individuals reporting these crimes,” said Ms. Hogan. “While the Royal Canadian Mounted Police, Communications Security Establishment Canada, and Public Safety Canada have discussed implementing a much needed single point for Canadians to report cybercrime, this has yet to happen.”

- 30 -

The 2024 Reports of the Auditor General of Canada, Report 7—Combatting Cybercrime, is available on the Office of the Auditor General of Canada website.

Please visit our Media Room for more information.