AI-enabled cyber threats are increasingly targeting specific high-value sectors—with implications for Canada’s economic resilience and digital trust. According to EY’s latest Global Cybersecurity Threat Outlook 2026, sectors like Retail, Telecommunications and Energy are facing distinct and rapidly evolving threat profiles.
For example:
- Retail and consumer sectors remain highly vulnerable to ransomware and identity-driven attacks, disrupting operations, driving financial losses and eroding customer trust.
- Telecommunications are increasingly targeted as critical network infrastructure, where attacks can disrupt communications, impact emergency services and expose sensitive data.
- Energy is a growing target due to its role in critical infrastructure and the potential for widespread disruption.
Umang Handa, National Leader, Cybersecurity Managed Services at EY Canada, said the report shows that cybercriminals are increasingly focusing on sectors that people rely on every day.
“In Canada, retail, telecommunications and energy stand out because attacks against them can cause immediate disruption and quickly get attention. Retail is a major target because it handles large volumes of customer data and transactions,” he said.
“Retailers also rely on many connected systems like payments, loyalty programs, suppliers and delivery partners. AI makes it easier for attackers to automate fraud, break into accounts and launch scams at scale, especially during busy shopping periods when teams are stretched and problems are harder to spot.
“Telecommunications companies are attractive because they sit at the centre of Canada’s digital economy. If attackers disrupt networks or gain access to telecom systems, the impact can spread far beyond one company affecting businesses, governments and everyday consumers.
AI helps attackers scan large networks more quickly and find weak points, especially around user access and identity controls. Energy and utilities are targeted because successful attacks can cause real world disruption.
Power, fuel and utilities are essential services and even short outages can have serious economic and safety consequences. These organizations also operate complex systems, some of which weren’t built with today’s cyber threats in mind.
“Across all three sectors, attackers are going after trust and continuity. When customers lose access to services they depend on or fear their data isn’t safe, the damage lasts well beyond the cyber incident itself.”
How AI is changing the nature of cyberattacks
Handa said AI is changing cyberattacks in three keyways at once: attacks are happening at greater scale, they are harder to spot and they rely less on technical hacks and more on social engineering techniques used for tricking people.
“First up is scale. AI allows attackers to automate phishing emails, fraud attempts and login attacks across thousands or even millions of targets at the same time. What once took large criminal groups can now be done quickly and cheaply, increasing the overall volume of attacks Canadian organizations face,” he explained.
“Second is sophistication. AI is being used to create more convincing scams, including fake emails, voice messages and even deepfake videos that appear to come from real executives or trusted partners. These attacks don’t look suspicious in the traditional sense, which makes them much harder for employees to detect.
“And third, AI is creating new risks. Attackers aren’t just targeting systems anymore, they’re targeting data, identities (both non-human and human) and automated decision-making processes. If those are manipulated, the damage can spread quietly through an organization without being noticed right away.
“The big shift highlighted in our outlook is that organizations can’t assume they’ll stop every attack. Instead, success now depends on how quickly a problem can be spotted, contained and fixed. In an AIdriven threat landscape, speed and preparation matter just as much as prevention.”
How AI-driven ransomware and identity-based attacks evolving
Handa said retailers are seeing a clear shift toward attacks that focus on people and access, rather than just systems and AI is helping attackers break into accounts more easily and shut down operations when it hurts the most.
“Ransomware attacks are becoming more targeted so instead of hitting random systems attackers use AI to study a retailer’s environment and identify the systems that would cause the most disruption such as payment platforms or supply chain tools. Attacks are often timed during peak sales periods, making downtime especially costly. At the same time, identity-based attacks are increasing,” he noted.
“AI helps criminals create realistic phishing messages or impersonate executives, suppliers or customer service staff. Once an attacker takes over an account, they can move through systems quietly, access sensitive data and disable safeguards before anyone notices.
“For customers, the impact is immediate. Fraud, account takeovers and data breaches reduce confidence quickly, especially in retail where customers have many alternatives. Trust lost during a cyber incident is hard and expensive to rebuild. For operations, this means identity security is now critical. Retailers who don’t have strong controls around who can access systems, detecting cyber threats and how quickly they can respond when something goes wrong will face higher risks of both disruption and long-term brand damage.”
Potential real-world consequences of successful cyberattacks
Handa said it’s clear that cyberattacks on telecommunications and energy don’t just affect companies, they can directly affect people’s daily lives.
“In telecommunications, a serious cyber incident can interrupt mobile service, internet access or emergency communications and because so many businesses and public services depend on these networks, even a short disruption can ripple across the economy, affecting payments, logistics, retail operations and public safety,” he said.
“Cyberattacks on energy and utilities carry even greater risks. Disruptions to power or fuel systems can halt production, shut down transportation and create safety concerns. These systems are complex and interconnected, which makes recovery more challenging once an attack has taken place.
“The broader concern is public trust. When essential services are disrupted, confidence in infrastructure quickly erodes and attackers increasingly understand this and target sectors where disruption has high visibility and impact. The takeaway is that cyber resilience in telecom and energy is no longer just about protecting data, It’s about ensuring services stay available, disruptions are limited and recovery happens quickly to avoid widespread consequences for Canadians.”
Top priorities for Canadian organizations, especially in retail
Handa said organizations need to move away from reacting after an incident and toward being ready before one happens.
“One of the top priorities is identity management because most modern attacks start with a stolen or misused logins. Stronger authentication, better monitoring and faster response when accounts are compromised can stop small issues from turning into major incidents,” he said.
“Second, cyber risk needs attention at the leadership level. Our outlook highlights that organizations do better when cyber decisions are tied to business priorities like customer trust, uptime and reputation, not treated solely as a technical issue for IT teams.
“Third, organizations need to look beyond their own walls. Retailers rely on supply chains and their vendor’s products and services, multi tenant platforms and logistics partners which broaden the potential attack surface. AI makes it easier for a breach at one supplier to affect many others so understanding and managing third party risk is essential.
“Finally, companies must invest in proactively identifying and managing vulnerabilities while keeping pace with the quickly evolving cyber threat landscape with real time detection and recovery. In a fastmoving threat environment, the ability to spot problems early, recover systems quickly and communicate clearly with customers matters just as much as prevention. In today’s environment, strong cyber resilience isn’t just about avoiding damage, it’s a way to protect trust and stay competitive.”
More from Retail Insider:
