Auditor General Karen Hogan found that key agencies, including the RCMP, Communications Security Establishment (CSE), and Canadian Radio-television and Telecommunications Commission, lacked the capacity and tools to effectively protect Canadians from cyberattacks and tackle the growing threat of online crime. Hogan’s review highlighted breakdowns in response, coordination, enforcement, tracking, and analysis between and across the organizations. For example, individuals were left unsure of where to make a cybercrime report and may have even been asked to report the same incident to another organization. She also noted that the RCMP struggled to staff its cybercrime investigative teams, with almost one-third of positions vacant as of January. In 2022, victims of fraud reported a total of $531 million in financial losses to the RCMP’s Canadian Anti-Fraud Centre, with three-quarters of these reports involving cybercrime. However, only five to 10 percent of cybercrimes are reported, which could lead to further financial and personal information losses as the volume of cybercrime continues to increase.
The report emphasized the importance of reports going to the organizations best equipped to receive them, as effectively addressing cybercrime relies on proper reporting. While the RCMP, CSE, and Public Safety Canada have discussed a single point for Canadians to report cybercrime, this has yet to be implemented. Between 2021 and 2023, almost half of the reports received by the CSE were deemed out of its mandate because they related to individual Canadians instead of organizations. However, the CSE did not always inform these individuals to report their situation to another authority. Despite some coordination between the RCMP and CSE in responding to high-priority cases and forging partnerships with Canadian and international enforcement agencies, there were limitations. The RCMP did not always forward requests for information from international partners to domestic police agencies, and poor case management hindered their response to cybercrime incidents.
The auditor found that the CRTC does little to protect Canadians against online threats, such as deleting evidence and returning electronic devices on an accelerated timeline to avoid being served with a search warrant. Additionally, the National Cyber Security Strategy developed by Public Safety Canada had critical gaps, such as the absence of the CRTC as a key player despite its mandate to enforce anti-spam legislation. The report highlighted the need for improvements in case management, procedures, and service standards within the RCMP to better manage victim notifications and respond to cybercrime incidents.
Hogan’s report underscored the importance of addressing the growing threat of cybercrime and the need for improved capacity and tools within key agencies to protect Canadians from online crime. With the increasing volume of cybercrime and attacks, it is crucial for organizations to effectively coordinate responses, enforce laws, track incidents, and analyze data to prevent financial and personal information losses. The gaps identified in the response, coordination, enforcement, tracking, and analysis of cybercrime incidents highlight the urgent need for improvement in addressing this evolving threat. By implementing better reporting mechanisms, improving case management and procedures, and enhancing partnerships with domestic and international enforcement agencies, key agencies can better protect Canadians from cyberattacks and online crime.
The findings of the report suggest that there is a significant gap in the capacity and tools of key agencies, such as the RCMP, CSE, and CRTC, to effectively respond to cybercrime incidents and protect Canadians from online threats. With a high percentage of cybercrimes going unreported and financial losses continuing to grow, urgent action is needed to address these deficiencies and improve the overall response to cybercrime. By implementing a single point for Canadians to report cybercrime, informing individuals where to report incidents, and enhancing coordination and partnerships with enforcement agencies, key organizations can work towards better protecting Canadians from cyberattacks and online crime. Ultimately, addressing the gaps identified in the report is critical in ensuring the safety and security of Canadians in an increasingly digitized world.
