National Cyber Threat Assessments

Canadian organizations and individuals are more connected than ever before and are using the Internet in novel ways. This is creating new and unique opportunities for cyber threat actors to exploit connections, cause disruptions and steal sensitive data.

This page provides resources from the Cyber Centre to help Canadian individuals and organizations understand the cyber threats facing Canada and learn how to better protect themselves.

About the National Cyber Threat Assessment (NCTA)

The NCTA is one of the Cyber Centre’s flagship cyber security reports. Its purpose is to help build Canada’s resilience to cyber threats. The NCTA explains the cyber threats facing Canada, describes the likelihood that these cyber threats will occur and outlines how they will evolve in the coming years. This forward-looking document is published every two years and is based on both classified and unclassified sources.

Introduction to the Cyber Threat Environment

Published alongside every iteration of the NCTA is an update to our Introduction to the Cyber Threat Environment. This reference document provides baseline information about the different types of cyber threats, as well as cyber threat actors, their motivations, their techniques and their tools in a Canadian context.

Advice and guidance

Many cyber threats can be mitigated through awareness and best practices in cyber security.

Below you’ll find tailored advice and guidance on the key topics identified in the NCTA.

Guidance on the threat of ransomware

“Ransomware is a persistent threat to Canadian organizations.”


Gains access

Threat actor finds a way into your network.


Takes control

Threat actor gains access of connected systems and services.


Impacts organization

Threat actor encrypts and copies your data, deletes connected backups, and demands a ransom.


Cybercrime continues to be the cyber threat activity most likely to affect Canadians and Canadian organizations. Due to its impact on an organization’s ability to function, ransomware is almost certainly the most disruptive form of cybercrime facing Canadians. Cybercriminals deploying ransomware have evolved in a growing and sophisticated cybercrime ecosystem and will continue to adapt to maximize profits. For comprehensive information on protecting your organization from ransomware, see the following publications, Ransomware playbook (ITSM.00.099), Ransomware: How to recover and get back on track, Ransomware: Don’t get locked out, and Ransomware: How to prevent and recover (ITSAP.00.099)

Top security actions for organizations

Additional resources


Guidance for critical infrastructure (CI)

“Critical infrastructure is increasingly at risk from cyber threat activity.”

Critical infrastructure sectors - Long description immediately follows
Long description - Critical infrastructure sectors
  • Energy and utilities
  • Finance
  • Food
  • Health
  • Government
  • Safety
  • Water
  • Transportation
  • Information and communication technology
  • Manufacturing

Cybercriminals exploit CI because downtime can be harmful to their industrial processes and the customers they serve. State-sponsored actors target CI to collect information through espionage, to pre-position in case of future hostilities, and as a form of power projection and intimidation. However, we assess that state-sponsored cyber threat actors will very likely refrain from intentionally disrupting or destroying Canadian CI in the absence of direct hostilities. For more information, see Security considerations for Critical Infrastructure (ITSAP.10.100).

Top security actions for CI organizations

Additional resources


Guidance on the threat of state-sponsored actors

“State-sponsored cyber threat activity is impacting Canadians.”






North Korea




We assess that the state-sponsored cyber programs of China, Russia, Iran, and North Korea pose the greatest strategic cyber threats to Canada. State-sponsored cyber threat activity against Canada is a constant, ongoing threat that is often a subset of larger, global campaigns undertaken by these states. State actors can target diaspora populations and activists in Canada, Canadian organizations and their intellectual property for espionage, and even Canadian individuals and organizations for financial gain. For more information on assessing, understanding and mitigating the risks posed by state-sponsored threat actors, see State-sponsored espionage and threats to critical infrastructure.

Top security actions for organizations

Additional resources


Guidance on the threat of misinformation, disinformation and malinformation (MDM)

“Cyber threat actors are attempting to influence Canadians, degrading trust in online spaces.”


We have observed cyber threat actors’ use of misinformation, disinformation, and malinformation (MDM) evolve over the past two years. Machine-learning enabled technologies are making fake content easier to manufacture and harder to detect. Further, nation states are increasingly willing and able to use MDM to advance their geopolitical interests. We assess that Canadians’ exposure to MDM will almost certainly increase over the next two years. For more information on MDM, see How to identify misinformation, disinformation, and malinformation (MDM) (ITSAP.00.300).

Top security actions for organizations

Additional resources


Guidance on the threat of disruptive technologies

“Disruptive technologies bring new opportunities and new threats.”


Digital assets, such as cryptocurrencies and decentralized finance, are both targets and tools for cyber threat actors to enable malicious cyber threat activity. Machine learning has become commonplace in consumer services and data analysis, but cyber threat actors can deceive and exploit this technology. Quantum computing has the potential to threaten our current systems of maintaining trust and confidentiality online. Encrypted information stolen by threat actors today can be held and decrypted when quantum computers become available.

Top security actions for organizations

  • Assess and understand the risks associated with the adoption of these new technologies
  • Leverage capabilities such as artificial intelligence, advanced analytics, and machine learning to rapidly identify emerging trends and implement risk controls to protect your organization
  • Implement operations security (OPSEC) and verification actions when using machine learning applications
  • Track findings from trusted sources (e.g. government publications, industry experts) on quantum cryptography developments
  • Confirm whether your vendors use standardized, validated cryptography (e.g. validated modules under the Cryptographic Module Validation Program) in current and future agile products
  • Exercise caution when considering the use of cryptocurrency and understand the risks of fluctuating value and lack of regulatory governance

Additional resources


Report a cyber incident

Reporting a cyber incident helps the Cyber Centre keep Canada and Canadians safe online. Your information will enable us to provide cyber security advice, guidance and services.

Get Cyber Safe

Get Cyber Safe is a national public awareness campaign created to inform Canadians about cyber security and the simple steps they can take to protect themselves online.

Report a problem on this page

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, please contact us.

Date modified: