Friday, October 24th, 2025 | Toronto, ON CANADIAN SME SMALL BUSINESS SUMMIT
This exclusive one-day show will feature panel discussions, webinars, and keynote presentations from Canada’s top business leaders and entrepreneurs. Email info@canadiansme.ca for more details!
October 14–15, 2025 | Montréal, QC INCYBER FORUM CANADA
Join the leaders shaping tomorrow’s cybersecurity. To learn more, scan the QR code.
As Canada’s first-ever Minister of Artificial Intelligence and Digital Innovation, how are you weaving trust, privacy, and digital safety into the broader AI and digital innovation agenda?
Trust has to be the foundation of Canada’s AI strategy. Canadians need to know their data is secure, their privacy is protected, and that the systems they use are built responsibly. That’s why we’re investing in sovereign data centres and secure cloud services — so Canadians can trust where their information is stored. We also funded and launched the Canadian Artificial Intelligence Safety Institute to study the risks of advanced AI and make sure those systems earn the trust of Canadians before they’re deployed.
How is your ministry facilitating collaboration between government and the private sector to co-develop secure, responsible AI and digital technologies?
Last November, the Government of Canada launched the Canadian Artificial Intelligence Safety Institute (CAISI) with the mandate to advance scientific understanding of the risks associated with the most advanced AI systems, develop measures to reduce those risks and build trust to foster AI innovation. Yoshua Bengio, is the Chair of the Safe and Secure AI Group at CAISI and he is bringing his expertise and inside look from MILA to this collaborative group connecting academics, industry, and government.
What support are you providing to help small businesses adopt AI safely and responsibly, despite limited in-house expertise?
For small businesses, AI can feel daunting — and trust is key to adoption. That’s why we’ve invested heavily in programs that connect them with Canada’s AI talent, research, and commercialization expertise.
This is where my two roles coincide, where the Federal Economic Development Agency for Southern Ontario plays a role in helping small businesses grow. The goal is simple: give small businesses the tools and confidence they need to scale up and impact our economy.
CIn a landscape of ever-evolving cyber threats, Canadian Cyber Threat Exchange is facilitating the collaboration organizations need to stay secure.
yber threats aren’t what they used to be. “Cybercrime today is a full-on business,” says Jennifer Quaid, Executive Director of the Canadian Cyber Threat Exchange (CCTX), a member-based not-for-profit.
“It comes with a help desk and reviews. Cybercriminals can rent or buy ransomware tools rather than building them. The barriers to entry to becoming a cybercriminal are almost non-existent now.”
Any guardrails one might expect in a legitimate business — for example, companies restricting how AI and LLM systems access certain types of data do not exist in this the cyber criminal environment, according to Quaid. “AI has enabled cybercriminals to do more, faster, better,” she says. “They’re not operating with any rules.”
From ransomware as a service to AI-turbocharged tactics, cyber attacks have become more sophisticated, more plentiful, and far riskier. “Ransomware is hitting at an alarming rate,” says Quaid. “It’s getting exponentially faster. And AI is making phishing attacks so good that we can no longer rely on the grammar
Tania Amardeil
and spelling mistakes to identify a fake or malicious email. As well, impersonation and deep fakes have become a more common issue thanks to AI.
Against such a challenging backdrop, no single organization can defend themselves alone.
Embracing collaboration Today’s cyber resilience needs to have collaboration at its core. “Collaboration is the only way that we’re going to level the playing field with the threat actors,” says Quaid. “It’s a force multiplier for any organization.”
Collaboration plays a critical role in addressing the evolving and persistent nature of cyber threats, and Quaid emphasizes that a cross-sectoral lens is equally important. “Cyber attacks nowadays are sector-agnostic,” she says. “If an attack worked in health care, it’s going to work in education, manufacturing and construction, too. If you’re only talking to organizations in your sector, you may not benefit from advanced knowledge of the attack vector and mitigation strategies.”
Building resilience and security is an imperative for organizations of all sizes. Large organizations are not the
only ones being targeted by cybercrime.
Small- and medium-sized businesses are increasingly being targeted, the payouts are smaller but less risky and usually easier for the attacker.
The benefits of membership
The CCTX has been enabling cross-sectoral collaboration for 10 years, and encourages member companies of all sizes, sectors, and levels of cyber preparedness to participate in its weekly threat calls and specialized collaboration groups.
“We have more than 200 member companies across 13 sectors,” says Quaid. “Our weekly threat calls typically have 60 to 80 organizations joining, and that’s where meaningful collaboration happens because people build trust.”
The CCTX is constantly evolving to meet its members’ needs in the face of an ever-shifting cybercrime landscape.
“While our vision 10 years ago was a technical portal, today the most meaningful exchanges happen live, human to human,” adds Quaid.
Ali Ghorbani Professor, Faculty of Computer Science & Director, Canadian Institute for Cybersecurity, University of New Brunswick
Cybersecurity is not simply an IT problem,” says Ali Ghorbani, a Tier 1 Canada Research Chair in Cybersecurity, Professor in the Faculty of Computer Science at the University of New Brunswick (UNB), and Director of the Canadian Institute for Cybersecurity (CIC) at UNB. “Cybersecurity is everyone’s problem. It’s a personal problem. It affects our very private information that we dearly want to protect, and it affects the health and safety of individuals. It’s a business problem, it’s a government problem, and it affects the critical infrastructures that we all depend on. It affects the international relationships between countries.”
Cybersecurity is so broad-reaching it can be hard to quantify.
“Canada’s vital sectors, including health care, energy, finance, education, and retail, are prime targets for cyberattacks,” says Ghorbani. “These industries hold large amounts of sensitive data, provide essential services, and form the backbone of the country’s economy and security.”
Ghorbani adds that their interconnectedness and dependence on digital infrastructure make them especially vulnerable to advanced cyber threats, ranging from ransomware and data breaches to supply-chain attacks and state-sponsored operations.
The cost of cyberattacks
The financial impacts of cyberattacks can be devastating.
In 2024, Canadian organizations faced an average cost of $6.32 million per data breach, with the financial sector experiencing even higher losses, averaging $9.28 million per incident.
These costs extend beyond financial loss, often causing major reputational damage and eroding trust and goodwill, which in many cases have been built over years or even decades.
“Businesses need to be as concerned with their cybersecurity as they are their fi nancial bottom line,” says Ghorbani. “It’s the same as leaving your house and locking the door. Ask yourself, am I protecting the company? Am I saving the operation?”
He stresses that companies and individuals alike must invest in cyber awareness and education, learning to understand the risks and working diligently to protect against them.
A national hub for innovation and partnerships
UNB’s work in cybersecurity dates back 25 years, beginning with the Information Security Centre of Excellence, and now the CIC. In that time, Ghorbani and his colleagues have nurtured partnerships with government and industry and have worked together to pioneer solutions to the most pressing issues in cybersecurity.
The CIC was the fi rst cybersecurity institute in the country. A world leader in cybersecurity research and development, its eff orts also include training, awareness, professional development, and supporting entrepreneurship.
“CIC is unique in the way it partners with industry,” says Ghorbani. “We have a membership-based program where companies of all sizes have access to our world-class researchers. We provide consulting and assessment, and together we develop solutions, including software and new technologies that ultimately protect these companies from attack.”
Seven global corporations are part of CIC’s membership, including Mastercard, Siemens Canada, and Scotiabank.
Collaboration at the national level
In partnership with the National Research Council Canada, CIC established the CIC-NRC Cybersecurity Collaboration Consortium, where researchers work in collaboration to develop cybersecurity solutions and provide training opportunities for UNB-based graduate students and early-career researchers.
Most recently, CIC, with funding support from Public Safety Canada, established a Cyber Attribution Data Centre at UNB to advance national cybersecurity. Along with four other Canadian universities, the CIC also established the National Cybersecurity Consortium, which has received nearly $80 million in funding for cybersecurity research, development, innovation, commercialization, and training.
AI is transforming cybersecurity by enabling faster and more accurate detection, prediction, and prevention of threats. At the same time, it introduces substantial new challenges that researchers must address and solve to ensure secure and trustworthy systems.
CIC also offers training programs, short- and long-term academic degrees, and short-term certificates, training Canada’s next generation of highly skilled cybersecurity professionals.
Educating the next generation has become more important than ever — according to a recent National Cybersecurity Network report, Canada is short 10,000 to 25,000 cybersecurity professionals. Those numbers are set to rise.
Keeping peace in cyberspace
The cybersecurity industry is projected to grow from US$14.38 billion in 2025 to US$24.23 billion in 2030.
“AI is transforming cybersecurity by enabling faster and more accurate detection, prediction, and prevention of threats,” Ghorbani says. “At the same time, it introduces substantial new challenges that researchers must address and solve to ensure secure and trustworthy systems.”
We’re living in a new environment. “Society has moved to the cyber world,” says Ghorbani. “Wars will be fought in the cyber world and espionage will take place in the cyber world. It’s an environment that requires its own policy, practices, solutions, locks, and policing.”
Ghorbani sees Canada’s leadership in cybersecurity as an extension of its national identity. “Canada has always been a peacekeeping country,” he says. “With the right investment and support, we have the capacity to be a leading exporter of know-how solutions for keeping peace in cyberspace.”
With machine identities outnumbering humans and AI agents transforming workflows, identity has become the foundation of digital trust.
Fahad Kabir, Canada Identity Security Lead, Accenture Cybersecurity
Identity security — once seen as back office IT — has become foundational to business resilience and innovation. The rise of machine identities, now outnumbering human ones by more than 80 to 1, combined with accelerating adoption of AI agents across enterprises, shows why identity must be treated as critical infrastructure. Accenture’s acquisition of IAMConcepts in Canada reinforces this point: identity is no longer optional — it is central to competitiveness and resilience.
The rise of machine identity & AI agents
In my 20 years in identity security, I’ve seen the field expand from passwords to biometrics to zero trust. But today, the most urgent challenge is machine identity. These are the digital credentials used by APIs, service accounts, cloud workloads, IoT devices, and increasingly AI agents.
The scale is staggering: machine identities now outnumber human identities by over 80 to 1, with nearly half holding sensitive or privileged access. In DevOps environments, that ratio can exceed 45 to 1, and many organizations expect their identity inventories to triple in the near term. Unmanaged or orphaned machine identities have already been implicated in breaches that bypass traditional controls.
Meanwhile, AI agents are rapidly entering the enterprise. By the end of 2025, 85 per cent of enterprises will deploy AI agents in at least one workflow. Early adopters report 61 per cent workflow efficiency improvements, and the AI agent market is projected to hit US$8 billion by 2025. However, 77 per cent of organizations remain without foundational AI security. These agents, while transformative, add to identity complexity: each must be securely governed to avoid becoming an invisible vulnerability.
1. 2. 3. 4. 5.
DISCOVER AND INVENTORY
ALL IDENTITIES:
Identify every human and non-human identity (NHI), including shadow IT and machine accounts. Many hold privileged access yet remain unmanaged — posing major risks.
SECURE EVERY IDENTITY TYPE:
Build a program that addresses all identities — workforce, vendors, IT admins, DevOps, AI agents, workloads, and devices. Include end users, partners, certificates, APIs, and servers to ensure full coverage.
FOSTER SHARED
ACCOUNTABILITY:
Create a cross-functional team that combines internal staff with specialized external expertise. Make accountability clear across all parties to break down silos and strengthen identity protection.
OPERATIONALIZE WITH CHANGE MANAGEMENT:
Treat identity as an ongoing program, not a project. Establish strong change management and embed monitoring, policy updates, and training into daily operations.
Weak identity controls are no longer minor IT flaws — they are existential risks. In an era where machine identities multiply exponentially and AI agents reshape workflows, organizations that embed identity into their digital core will not only stay secure but also gain trust, resilience, and market advantage.
In 2025, Accenture acquired IAMConcepts, a leading Canadian identity and access management (IAM) services provider, to expand its ability to deliver advanced identity security solutions across key industries in Canada. Since its founding in 2013, IAMConcepts has grown into one of the country’s top Identity Security services providers, serving major banks, insurance companies, higher education institutions, and critical infrastructure organizations. Recognized in the 2024 KuppingerCole North American Leadership
Compass for IAM systems integrators, the firm’s local expertise and track record now complement Accenture’s global scale — bringing together global strength with a sharp local focus for Canadian clients.
Kristine Osgoode, Accenture Cybersecurity Lead in Canada, explains, “By strengthening our Canadian IAM capabilities — spanning privileged access, identity governance, and customer IAM — Accenture is aligning with its broader secure digital core strategy and investments in AI.”
Explore how this combined expertise is shaping the future of identity security in Canada by visiting accenture.com/security
BUILD TRUST IN AI: As AI agents proliferate, secure them with verified identities, limited privileges, and monitoring. Building trust in these systems enables safe adoption and accelerates AI-driven transformation.
This acquisition illustrates what Accenture highlights in its State of Cybersecurity Resilience 2025 report: building a secure and resilient digital core is not just a technical necessity but a strategic imperative. Businesses cannot scale AI responsibly without modernized identity governance, including the management of machine identities. Organizations that act now-adopting Zero Trust principles and embedding security into their AI-powered transformation-will be best positioned to survive and thrive.
IAMConcepts is now part of Accenture.
This article was sponsored by IAMConcepts, Part of Accenture
Identity verification solutions are essential for preventing online fraud, but not all solutions are created equally.
Tania Amardeil
Online fraud is exploding.
Digital services are convenient but risky, with fraud in real estate, tax returns, benefits, and banking, causing millions in losses and stress for citizens. Identity verification tools are essential, but many providers store or ship personal data outside Canada, creating privacy risks.
Bluink is a Canadian-built, privacy-first identity verification alternative. It offers fast, remote verification and doesn’t retain personal information, making it a top choice for Canadian businesses and government organizations eager to protect their organization’s security and their clients’ privacy.
Mediaplanet spoke with Bluink CEO Steve Borza and Marketing and Community Director Alex Longval to learn why identity verification is so critical and how Bluink’s eID-Me is helping protect Canadians.
Why is identity verification such a pressing issue for Canadian organizations today?
Steve Borza: COVID brought many traditionally face-to-face processes online, resulting in an explosion of fraud, from people having their houses stolen, to benefits fraud, to car leasing
fraud. It costs millions to the Canadian economy and can be very distressing to individuals who are victims of identity theft. Being able to strongly verify identities online makes society safer and services more efficient, by allowing secure digital transformations, versus requiring in person service delivery.
Alex Longval: As businesses make more services available online, fraudsters follow. You have to counteract that with secure identity verification, and that’s what we provide.
What makes Bluink’s eID-Me app different from other ID verification solutions on the market?
SB: Our mantra is processing Canadians’ information in Canadian data centres. Your personal information never leaves Canada when verified by Bluink.
AL: We build and develop all of our ID verification technology in-house, so we control the process end to end. Nothing is outsourced.
SB: We comply with Canadian privacy laws. Once we verify you, we delete all your information. You’re the only one in control of your personal information, in an eID-Me digital
Every year, cybercriminals expand their reach and increase their global impact. Hundreds of billions of dollars vanish through ransom and theft of intellectual property. Power grids, hospitals, companies, and even elections are targeted, putting democracy at risk. Charles Finlay, Founding Executive Director of the Rogers Cybersecure Catalyst at Toronto Metropolitan University, and Ulrike Bahr-Gedalia, Senior Director of Digital Economy, Technology, and Innovation at the Canadian Chamber of Commerce, discuss how a two-pronged approach can ensure Canada’s cyber defences remain competitive in a geopolitically changing world.
Bahr-Gedalia: How can law enforcement agencies keep up with cybercriminals who operate without borders?
Finlay: Law enforcement agencies must match the agility of cybercriminals. Arrest powers are usually limited to specific jurisdictions, so agencies must coordinate seamlessly across borders and share information quickly. They leverage multinational enforcement platforms and legal processes to identify victims, take down sites, follow crypto payments, seize hardware, and arrest suspects — all in real time. Building a meaningful deterrent requires radical multilateralism and implicit trust between dozens of global agencies, as well as prosecutors and judges who understand the seriousness of cybercrime. Done properly, it works: Canadian law enforcement has participated in major international operations, including the 2024 LockBit takedown, which involved at least 10 nations.
Bahr-Gedalia: But international cooperation is becoming more difficult, correct?
Finlay: Unfortunately, yes. Structures and relationships that make global law enforcement possible are breaking down as the U.S. withdraws from collaborations such as UNESCO, the Paris Climate Agreement, and WHO. Surveys show voters outside the U.S. are frustrated, and their political leaders increasingly refuse to work with U.S. agencies or share information. The U.S. had been a key leader, with the reach and resources to coordinate international efforts. Our bridges are crumbling just as we need them most.
Bahr-Gedalia: So, what should Canada do in these circumstances?
Finlay: Canada needs a two-pronged approach. First, invest purposefully in domestic cyber capacity: upskill professionals to meet new AI- and quantum-enabled threats, help SMEs with basic cyber hygiene, and strengthen federal and provincial law enforcement as cybercrime surges. Collaboration across government, the private sector, and academia is essential. Second, work closely with democratic nations that share our values. We must push strongly for joint enforcement and rapid information sharing. This is how Canada can rebuild a meaningful international cybercrime deterrent in an increasingly dangerous world.
wallet, on your phone, and it’s up to you when and with whom to share it.
Some competitors retain selfies and ID photos to build databases of so-called “bad actors.” That’s highly problematic. We don’t want to be anywhere near that kind of operating structure.
Our service also provides a mobile driver’s licence for added convenience.
How can businesses and governments benefit from adopting eID-Me?
SB: There are so many ways. We provide identity verification for Canada Post to strengthen consumer digital experiences. In the real estate market, our verification system caught a fraudulent $1 million transaction. That was a signifi cant win in stopping identity theft and fraud. One of our larger fi nancial services clients has basically seen no known fraud since they implemented us. We can’t do better than that for eliminating fraud.
AL: We’ve got strong fraud prevention, fraud detection, and security and privacy measures. That’s why the largest title insurer in Canada uses Bluink identity verification to build their clients’ trust and detect fraud.
It has never been more important for Canadian businesses to understand the risks of cyber attacks and how to mitigate them.
Ken Donohue
Cyberattacks on Canadian businesses are on the rise, so much so that it’s not a question of if, but rather when a business will be hit. It can cost impacted companies millions of dollars, not to mention reputational damage. This is why understanding the risk and tapping into the right expertise to help identify mitigation strategies in advance is critically important. We spoke to Jason Grimbeek, CEO of Iron Spear, a Canadian-owned full-service cybersecurity company, for his assessment of what executives need to do to protect their businesses.
How big of a problem is cybercrime?
It’s a huge issue, and with advances in artificial intelligence (AI) and ever-evolving technology, it’s becoming even more of a problem. The sophistication of phishing schemes and AI-driven deepfake criminal activity creates security complexities for organizations.
Are Canadian businesses a target for cybercriminals?
Yes. Our integration into the North American supply chain makes us a prime target. Cyber ransom — where criminals steal data or intellectual property and demand payment — is on the rise. Many businesses underestimate their exposure because of Canada’s size, but that’s a mistake.
What should businesses consider when it comes to cybersecurity?
There’s more to it than just defence and offensive testing for vulnerabilities. Executives need to lead the charge by prioritizing cyber governance, policy development, and cyber maturity — understanding where the organization stands and where it needs to be. Leadership must drive a culture of cybersecurity. We’re lagging our European and U.S. counterparts because the Canadian government has been slow to introduce cybersecurity regulatory controls. Despite this, businesses need to be proactive and shore up their systems.
What is something more organizations can do to protect themselves?
Cyber resilience is becoming a big focus. Successful organizations are the ones that develop business continuity and disaster response plans. People often struggle with business recovery following a cyber attack because they underestimate the cost of lost productivity until they’re hit.
What is the Iron Spear advantage?
We’re technology independent, which gives us an unbiased
We
and
