Why Statistic Canada’s data on cybersecurity and cybercrime matter?

Pour la version française, consultez cette page.

In Canada and elsewhere, statistics are essential for the development of evidence-based and effective public policies. The use of consolidated statistics in the prevention and control of cybercrime is all the more important since the Canadian government has now a roadmap for Canada’s path forward on cyber security with the National Cyber Security Strategy, coupled with funding of $507.7 million over five years.

Yet, the development of public policies and the identification of best practices and strategies in cybersecurity are based on two essential and related activities: on the one hand, scientific research that aims to better understand the economic, social and environmental dimensions of cybersecurity and cybercrime; on the other hand, the design of policies, regulations and laws to respond effectively to these phenomena. At the heart of these activities is the need for reliable and impartial statistical data.

In this context, SERENE-RISC partnered with Statistics Canada to disseminate and promote the results of the Canadian Survey of Cyber ​​Security and Cybercrime (CSoCC) conducted by Statistics Canada in 2017-2018. We invite all members of the cybersecurity ecosystem to download and analyse these results to gain new insights into the economic impact of cybercrime on businesses and develop promising cybersecurity strategies.

The need for nation-wide recognized statistics in cybersecurity and cybercrime

There may be a gap between the alarmist statements disseminated by cybersecurity actors and the lack of reliability, robustness and consensus of the statistics used to support them. These alarmist messages rely extensively on statistics whose nature, source and quality are problematic such as: opinion polls made with reduced sample sizes; lack of comparability of the statistics collected; extreme diversity of stakeholders that mobilize disparate analytical methodologies; lack of systematization in the frequency of data collection, which prevents the rigorous analysis of the evolution of the phenomena studied; under-reporting of cybercrimes, etc. All these factors slow down public and private organizations’ benchmarking and improvement efforts, and decision-makers’ willingness to implement evidence-based interventions.

How can we further use the CSoCC?

By providing access to the aggregate results of the CSoCC, SERENE-RISC wishes not only to help disseminating as widely as possible more robust statistics, but also emphasizing the uses that can be made of the data. Over the coming weeks, SERENE-RISC will release short introductions about:

  • The most popular cybersecurity measures among Canadian Businesses
  • The professionalization of cybersecurity
  • The challenge of cybersecurity training
  • The identification and management of cyber risks
  • The prevention and detection of cyber risks
  • The impacts of cyber incidents on Canadian Businesses
  • Businesses resilience
  • The reporting cybercrimes to the police
  • Cyber ​​insurance



Dupont, B. and Côté, A.-M. (2018). The insufficient nature of cybercrime statistics (p.76-77).
Robson, B. (2017). The vital role of statistics in public policy and good governance with William B.P. Robson of the C.D. Howe Institute.
Statistic Canada. (2017).Canadian Survey of Cyber ​​Security and Cybercrime (CSoCC)