SecurityBrief Canada - Technology news for CISOs & cybersecurity decision-makers
Canada
Canadian city dusk skyline fragile cyber infrastructure cables
#
Firewalls
#
Data Protection
#
Digital Transformation

Canada faces rising cyber risks amid ageing networks

Thu, 19th Mar 2026
Author image
By Sofiah Nichole Salivio, News Editor

Canadian organisations are reporting high levels of cyber disruption and low confidence in their ability to manage external risks, as concerns grow around quantum security, data sovereignty and the condition of legacy networks.

Data from Kyndryl's Security and Networks Snapshot found that 85% of Canadian organisations experienced a significant cyber-related outage in the past year. Yet only 31% of Canadian leaders said they felt fully prepared to manage external risks, despite increased spending on cyber resilience technologies, including AI.

The results point to a widening security and infrastructure gap. Kyndryl identifies three pressures rising at once: quantum readiness, sovereignty-driven changes in technology architecture, and security risks tied to technical debt and ageing network infrastructure.

Quantum readiness

Quantum computing is becoming a focal point for security planning as organisations weigh the risk that future breakthroughs could weaken widely used encryption methods. The Snapshot found that 60% of Canadian organisations believe it is only a matter of time before cybercriminals can leverage quantum computing. However, investment plans do not fully reflect that concern: 59% said they are investing in quantum technologies.

This gap matters because of "harvest now, decrypt later" attacks, in which adversaries collect encrypted data today in the expectation it can be decrypted in the future. The risk is especially acute in sectors that hold sensitive information with a long shelf life, including government, finance, healthcare and critical infrastructure supply chains.

Security teams are also working to distinguish near-term steps from longer-term planning. Efforts such as building cryptographic inventories, improving key management and classifying risk can run alongside assessments of whether systems can be upgraded without disruption. For many organisations, these decisions are shaped by legacy-network constraints and the complexity of widely distributed IT estates.

Data sovereignty

Regulatory and geopolitical factors are influencing decisions about where data is stored and how it moves across borders. The Snapshot reported that 81% of Canadian leaders said emerging data sovereignty and repatriation regulations became more important over the past year. The same proportion said they were concerned about rising geopolitical instability.

These pressures are reshaping enterprise architecture. Organisations that rely on internationally distributed cloud and service models are reassessing where workloads run, how they meet local compliance expectations, and how they manage cross-border access. Some are also revisiting contractual protections, auditing rights and their ability to demonstrate control over data.

The changes can add operational burdens. Shifting data location and access can increase complexity in identity management, encryption practices and monitoring. It can also create new resilience challenges if architectures become more fragmented across regions or providers.

Legacy networks

Network infrastructure is emerging as another constraint as organisations expand AI use and broader digital transformation efforts. AI-driven operations depend on consistent data availability and stable connectivity across sites, applications and users. Many Canadian networks are nearing the end of their useful life, according to the Snapshot.

Less than half of leaders surveyed (39%) said their network infrastructure was prepared to manage future risks. One in five (20%) said their networks were the primary barrier to scaling new technology.

Network performance and resilience affect security outcomes as well as business operations. Fragile or poorly segmented networks can widen the impact of incidents, increase downtime during remediation and reduce visibility for detection and response teams. Modernising network architecture can also require integration work with security tools, identity platforms and cloud environments.

The findings suggest some organisations are adopting AI tools faster than they are upgrading the underlying infrastructure. That can create a mismatch between new operational expectations and the reliability of the networks carrying data between systems. It can also deepen technical debt if quick fixes become embedded in long-term operations.

Denis Villeneuve, Cybersecurity & Resilience Practise Leader at Kyndryl Canada, said these pressure points reflect a broader infrastructure challenge for organisations expanding AI use while facing shifting threats and governance requirements.

"As Canadian organizations accelerate AI adoption, aging networks, tightening data sovereignty requirements, and the growing threat posed by quantum computing are converging to strain the very infrastructure AI depends on," said Denis Villeneuve, Cybersecurity & Resilience Practise Leader, Kyndryl Canada.

Canadian organisations are likely to continue balancing near-term resilience needs with longer-term structural changes, as security planning expands beyond tools and controls into network renewal, cryptographic strategy and data location decisions.

Related stories
WatchGuard & HaloPSA integrate security tools for MSPs
Cloudflare Mesh links AI agents to private networks
Gallagher Security spotlights integrated systems at ISC West
Kijiji adds Interac identity checks to boost trust
Portnox names Jonathan Skinner as Chief Marketing Officer

Top stories

Ledger appoints Ian Rogers to lead AI security push
Claroty xDome adds orchestration to fix visibility gaps
KnowBe4 launches Agent Risk Manager for AI agent security
Microsoft April Patch Tuesday reveals 167 vulnerabilities
GitLab expands Google Cloud partnership for Vertex AI