As digital transformation continues to accelerate, cybercriminals are also evolving their tactics, leveraging cutting-edge technology to exploit vulnerabilities in businesses and individuals alike.
Canadian organizations must remain vigilant against an increasingly sophisticated cyber threat landscape. Speaking to Insurance Business, Justin Kok (pictured), chief information security officer at Aviva Canada, shed light on the most pressing cybercrime trends this year and how companies can proactively defend against them.
"We cannot emphasize this enough – businesses must take cyber threats seriously," said Kok.
Artificial intelligence (AI) is revolutionizing industries worldwide, and unfortunately, the world of cybercrime is no exception. "Everyone is leveraging AI, cybercriminals and threat actors included, who are always on the bleeding edge of technology," Kok said.
As AI becomes more accessible, bad actors are harnessing its capabilities to enhance phishing attacks, generate deepfake content, and deploy AI-driven malware.
Kok warned that social engineering attacks are rapidly becoming more sophisticated. "Behind the scenes, we can expect reconnaissance, analysis, infostealing, and malware to leverage AI as well,” he said.
These AI-driven threats mean that organizations need to strengthen their security protocols and enhance employee awareness programs to stay one step ahead.
Another significant cyber threat for 2025 is supply chain attacks, in which threat actors infiltrate organizations indirectly through compromised suppliers.
"Some organizations will be hit through a backdoor because the threat actor couldn’t make it through the front," Kok said. "In some cases, an organization may end up as collateral damage when one of their suppliers is compromised."
Businesses must prioritize supply chain security, implementing stringent vendor risk assessments and monitoring third-party networks for suspicious activity. A proactive approach can help mitigate the risk of cascading cyber incidents.
Ransomware remains one of the most lucrative cybercrime tactics, with organizations across all industries facing escalating threats. "It’ll continue to hit organizations, and it isn’t going to go away anytime soon as long as it’s profitable and in general low risk for threat actors," said Kok.
Phishing remains a primary entry point for ransomware attacks. "Phishing will be used in many cases to start a ransomware or a supply chain attack, and many phishing campaigns will leverage AI, so be extra vigilant," Kok said.
Organizations must reinforce their email security measures and educate employees on recognizing and reporting phishing attempts.
Certain industries are particularly attractive targets for cybercriminals due to the sensitive data they handle.
"Critical services like finance, healthcare, and energy/utilities are likely most at risk," Kok said. "They possess highly sensitive information, which would be attractive to cybercrime. And as these sectors are generally well-funded, they will have a target on their backs."
The financial sector remains a prime target due to its wealth of financial data, while healthcare organizations store vast amounts of confidential patient information. Similarly, energy and utility companies manage critical infrastructure that, if compromised, could have far-reaching consequences.
Businesses in these sectors must adopt robust cybersecurity strategies, including continuous monitoring, threat intelligence sharing, and incident response planning.
With cyber threats growing in sophistication, the role of insurers in helping businesses mitigate risks is becoming more crucial.
"We take our responsibility as an insurer very seriously in protecting our customers’ data and information, ensuring that we maintain the service (availability) we provide them," Kok said. "One of the more frequent cyber risks we see today is social engineering fraud, which can result in both financial loss and potential reputational risk from the breach of confidential information."
To address these risks, Aviva offers cyber coverage tailored to businesses and individuals, including policies specifically designed to combat social engineering fraud. Additionally, the company partners with cybersecurity experts to provide round-the-clock support.
Beyond offering cyber insurance, Aviva also collaborates with brokers and partners to provide complimentary cybersecurity training and awareness programs.
"The more they know, the more they can protect themselves and their families from what’s going on out there," Kok said.
