As an active contributor to Canadian Centre for Cyber Security (Cyber Centre) projects and GeekWeek, Critical Path Security is pleased to share the key findings from the recently published National Cyber Threat Assessment 2025-2026 (NCTA). This report from the Cyber Centre underscores the evolving cyber threat landscape in Canada, revealing the complex, rapidly advancing cyber threats facing individuals, organizations, and critical infrastructure.
About the Cyber Centre
The Canadian Centre for Cyber Security, part of the Communications Security Establishment Canada (CSE), acts as Canada’s primary authority on cybersecurity. Collaborating with government, critical infrastructure, and private sector partners, the Cyber Centre aims to mitigate and recover from cyber events, raising the nation’s cyber resilience. This latest threat assessment forms part of the Cyber Centre’s mission to deliver timely, relevant information that Canadians and organizations can use to stay secure.
National Cyber Threat Assessment (NCTA) 2025-2026: Key Takeaways
Increasingly Complex and Aggressive Cyber Threats
The NCTA 2025-2026 highlights that Canada faces a growing array of sophisticated cyber adversaries, both state-sponsored and non-state actors. These include:
- State-Sponsored Cyber Threats
The People’s Republic of China (PRC), Russia, and Iran are named as prominent state actors using cyber operations to pursue their national agendas:- China: The PRC’s cyber activities, from espionage to intellectual property theft, aim to serve political and commercial interests. The PRC’s cyber program stands out as the most aggressive and advanced threat to Canada.
- Russia: Motivated by geopolitical goals, Russia’s cyber activities target Canadian allies and critical infrastructure. Pro-Russian non-state actors are also implicated in attempts to influence Canada’s foreign policy.
- Iran: Iran’s cyber efforts include tracking regime opponents and, more recently, extending disruptive activities outside the Middle East.
- Cybercrime
Cybercrime remains a pervasive threat, with ransomware at the forefront, especially for critical infrastructure. The Cybercrime-as-a-Service (CaaS) model enables a range of cybercriminals to carry out ransomware attacks, increasingly using advanced tactics to evade detection. Ransomware remains the most disruptive form of cybercrime, affecting service delivery and the well-being of Canadian citizens. - Hybrid Cyber Threats
State adversaries increasingly use cyberattacks alongside information campaigns to shape public opinion and disrupt Canadian systems, especially in the event of political tensions or conflicts.
Cybercrime-as-a-Service: Enabling the Cyber Threat Ecosystem
The NCTA 2025-2026 emphasizes the role of CaaS in sustaining cybercrime globally. This ecosystem offers cybercriminals easy access to malware, stolen data, and other tools, lowering the bar for entry. This trend not only bolsters the frequency and sophistication of cyberattacks but also presents challenges for law enforcement agencies trying to keep up.
Strategic Implications for Canada
Given the escalating cyber threats, this report provides valuable insight for Canadian organizations, government bodies, and individuals to fortify their defenses. It stresses the importance of collaboration and continuous improvement in cyber resilience to stay ahead of malicious actors.
Conclusion
The Cyber Centre’s National Cyber Threat Assessment 2025-2026 offers an in-depth look at Canada’s current threat landscape and future trends. Through our collaboration with the Cyber Centre, Critical Path Security remains committed to helping Canadian organizations protect themselves against evolving cyber threats.
For more details, the full NCTA 2025-2026 report is available for download: [National Cyber Threat Assessment 2025-2026 (PDF, 4.22 MB)]