The services sector, which includes subsectors like advertising and marketing, was most likely to be targeted by cyber threats in 2022, according to new research from PwC.

The firm’s report found that services – which includes marketing, automotive, education, hospitality, legal and accounting – was the top sector targeted (20%), followed by manufacturing (16%), public sector (10%) and retail, construction, IT and healthcare (all at 8%).

The report also found that 11% of Canadian CEOs believe their company will be either highly or extremely exposed to cyber risks over the next 12 months and 18% over the next 5 years, with 79% of organizations surveyed saying that keeping up with the speed of digital and other transformations is a significant risk management challenge. More than two-thirds of Canadian executives consider cybercrime their most significant threat in the coming year.

According to the PwC report, geopolitical tensions, economic conditions and rapid post-pandemic digitization, are among the factors that have radically changed the threat landscape in the past year. In fact, nearly half of Canadian executives (49%) are considering increasing their investment in cybersecurity and privacy, thanks to events like, the war in Ukraine.

Also, 2022 saw rapid developments in AI-powered cyberattacks. The report warns that mainstream developments, such as generative AI platforms and solutions, could become targets in 2023 and beyond.

“Organizations will need to embrace a more holistic approach to cyber security to manage the complexity of the rapidly evolving cyber threat landscape,” says Umang Handa, partner, National Cybersecurity Managed Services Leader, PwC Canada.

In 2023, ransomware will be one of the most critical cyber threats to Canadian organizations, with 39% of respondents saying threats will increase in 2023 versus 2022.

Data breaches will remain a key threat, particularly third-party breaches, and threat actors increasingly used supply chain attacks to gain initial access to the networks and systems of target organizations. The PwC survey reveals that only 24% of Canadian respondents have fully mitigated the risks associated with supply chain digitalization.

A growing number of attacks have included a distributed denial-of-service (DDoS) component aimed at overwhelming an organization’s server, and 20% of Canadian respondents believe this year will see a rise in these kinds of attacks year-over-year.

Also, according to the PwC report, there has been a steady rise in the number of business email compromise attacks and phishing campaigns aimed at Canadian organizations, which have also expressed concern over zero day vulnerabilities, a system or device that has been disclosed but is not yet patched.