AI-powered cyber attacks hit 1 in 3 Canadian businesses: QBE research

One in three Canadian businesses (33%) experienced cyber incidents in the past 12 months which they believe leveraged Artificial Intelligence, with phishing among the most frequent methods, according to global research from business insurer QBE.

Artificial Intelligence is becoming ubiquitous in the Canadian economy, with 97% of businesses using it or looking into it, up from 94% last year, said the company.

Source: Opinium surveys for QBE

Efficiency and productivity are among the top motivations for deploying AI, as more than half of businesses rolling out the technology mention these objectives, said QBE

”As new technologies such as AI become embedded in operations, effective risk management remains fundamental to ensuring sustainable and resilient growth,” said Kyle Gray, Underwriter Team Lead, QBE Canada.

“AI risk doesn’t stop at the internal perimeter. Organizations need the same level of discipline and oversight across their third-party ecosystem, because weaknesses in the supply chain can quickly become risks to the business itself.”

Businesses are taking various steps to safely roll out AI into their operations, from training staff on responsible use, to checking data quality or monitoring outputs for bias. However, they worry their vendors might not be taking similar measures. 63% of Canadian businesses are concerned about potential risks arising from how their suppliers use AI, noted QBE.

Over the past 12 months, 57% of Canadian businesses have experienced one or more cyber events, a proportion slightly higher than last year (53%). Among affected businesses, 65% suffered at least one cyber attack that was related to a supplier (up from 58%) and 58% experienced revenue loss (up from 51%), it said.

“The disruption can be significant. Overall, 16% of Canadian businesses have experienced a cyber event in the last 12 months that resulted in a business interruption of one working day or more (down from 18%),” said QBE.

“Two in three respondents (65%) are concerned about the cyber threats their business may experience over the next 12 months, a smaller proportion than last year (78%) but still prompting investment.

“Most of them say their IT cybersecurity budget is going to increase over the coming year (31% in line with inflation and 31% beyond inflation). And 72% now have cyber insurance, compared to 67% last year. In addition, 83% have an incident response plan, up from 79%.”

The 2026 Opinium survey about AI and cyber risks for QBE covers 15 countries (Australia, Canada, Denmark, France, Germany, Hong Kong, Italy, Netherlands, New Zealand, Singapore, Spain, Sweden, United Arab Emirates, UK, USA), with a total sample of over 6,000 businesses.

QBE’s checklist

To tackle cyber threats, businesses should:

• identify critical assets, threats, and vulnerabilities to gain a clear overview of exposure
• Define acceptable risk so leadership can set boundaries
• Prioritise mitigation strategies (direct resources towards areas of greatest impact)
• Test contingency plans and recovery protocols
• Stress test crisis management
• Incorporate third-party expertise to help manage residual and emerging risks
• Continuously adapt cyber defences to evolving threats, technology and business needs.

To mitigate third-party vulnerabilities, businesses should also:

• Implement strong identity and access management (IAM) protocols
• Run regular configuration audits
• Encrypt sensitive data across all cloud environments
• Evaluate the security posture of their third-party providers
• Establish clear protocols for managing supply chain exposure.

More from Retail Insider:

• Q1 2026 Retail Technology Retail Report: AI Agents Rewrite The Buying Journey