More than 10,000 Canadians received a medically-assisted death in 2021: report
Quebec Superior Court suspends Bill 96’s translation requirement until constitutionality determined
The Ontario government has given Maggie an ultimatum: the disabled teen can lose her funding or her independence
FBI took 11 sets of classified material from Trump’s Mar-a-Lago home while investigating possible Espionage Act violations (US)
Ontario class action settlement reclassifies volunteers as employees, setting new precedent
Availability of Judicial Review in SABS Disputes
Are masking policies still valid?
Justice Canada releases commission report on impact of lack of legal aid in family law disputes
Harmonized sales tax part of maximum amount of attendant care benefits owed by insurer: court
New rules coming next month to help Canadians with cancelled and delayed flights
Stephen King set to testify for govt in books merger trial (US)
New law program in Quebec to begin next fall, a first in 50 years
The Impact of the Lack of Legal Aid in Family Law Cases
SCC rules that when someone is required by their partner to wear a condom but do not, they could be guilty of sexual assault.
Big Plastic suing feds over single-use ban — again
Tim Hortons offers coffee and doughnut as proposed settlement in class action lawsuit
The SCC has refused to hear the appeal to declare the renewal of the state of health emergency by the Quebec government invalid
Federal privacy commissioner investigating controversial ArriveCAN app
Kraken, a U.S. Crypto Exchange, Is Suspected of Violating Sanctions (US)
Ontario court certifies class action on former patients’ anxiety from notice of risk of infection
The stakes couldn’t be higher as Canada’s top court decides whether to hear climate class action lawsuit
Professor Barnali Choudhury selected by EU as trade and sustainable development expert
The Supreme Court decision on the ‘Ghomeshi’ amendments will help sexual assault victims access justice
AFN Reaches $20 B Final Settlement Agreement to Compensate First Nations Children and Families

Cybercrime Skyrockets in Canada, but the Legal Profession Isn’t Keeping Up

The “number and perniciousness of cyberattacks increased dramatically" in 2021, according to a new report by Canadian firm Blake Cassels & Graydon. And the number of reported cybersecurity breaches—just in Canada alone—has risen by more than 2,000% over the past decade, the report said.

PHOTO: knssr/
Cyberattacks have increased dramatically over the past year, both in the number of attacks and the degree of harm they cause, and law firms and law schools need to up their game in training lawyers to deal with cybersecurity, says technology lawyer Sunny Handa.

Handa is one of the leaders of Blake Cassels & Graydon’s national cybersecurity practice and part of the team responsible for the firm’s newly released Canadian Cybersecurity Trends Study 2022.

According to Blakes’ annual cybersecurity report, the “number and perniciousness of cyberattacks increased dramatically” in 2021. And over the past decade, the number of cybersecurity breaches reported under Canada’s federal privacy law has increased by more than 2,000%, the report said.

That only includes incidents affecting those required to report breaches, such as federal government agencies, railways, the postal service, airlines and banks. It does not apply to the majority of businesses in the country.

“If you’re working at a law firm, this is now going to be part and parcel of life going forward for the foreseeable future, much in the same way that privacy law wasn’t a thing 30 years ago,” he told International.

He said the “game” is changing monthly in cases like ransomware—which made up 55% of cybercrime incidents, Approximately 25% of ransom payments exceeded US$1 million, the report said.

“If you went back three years ago, when you talk to anyone about multimillion-dollar ransoms, they would have laughed,” Handa said.

The report also showed that 83% of companies hit with a cybersecurity incident did not report it to the police. While privacy regulators require some mandatory breach reporting in federally regulated organizations such as banks and airlines, few provincial privacy commissioners have compulsory reporting requirements of privacy and data breaches.

Cybersecurity issues are now “woven into the fabric of legal practice,” but there are still only a handful of firms, in Canada anyway, that have the capacity and expertise to deal with cybersecurity and cyber-preparedness. The area is no longer the purview of only insurance lawyers, said Handa, but is now an integral part of mergers and acquisitions and other corporate law matters.

Questions have to be asked of all parties about their cybersecurity and whether they have had any breaches or unauthorized access to their data, he said.

“That linkage between cyber and M&A is definitely a must,” said Handa, “I don’t think the legal profession is there yet.”

Younger lawyers comfortable with technology and law school students, who should be taught more about cyber-preparedness and cybercrime, are needed to take on the increasing workload in this area, he said.

“But it’s going to take time,” said Handa. “You can’t snap your fingers and expect a bunch of lawyers who are skilled in this area to show up overnight.”

Handa said his team at Blakes dealt with more than 100 cyberincidents last year. He personally worked on 57.

“It is relentless,” he said “There are no vacations.” 

The report’s data was collected from publicly available information provided by companies listed on the Toronto Stock Exchange, as well as from Blakes’ internal data and other data sets the firm has access to, said Handa. The report’s data is “quite reflective” of what they’re seeing elsewhere in the world, he added.

Handa said “police reporting is going up, but that is still a woefully low number by anyone’s standard.” This is in part because many police forces don’t have the expertise or resources to deal with cybercrime but also because companies don’t want investigations or the publicity that frequently goes along with reporting cybercrimes to the police—particularly if they’ve paid a ransom.

But he said reporting to the police is valuable. Using the information, police can compile data internally and also share it with other police forces so they may also help catch “threat actors” down the road.

The Blakes’ report also highlights the rise in ransomware and hacking as a service and the increased use of “doomsday” clocks.

“Threat actors who had developed impressive platforms and tools to engage in their hacking exploits, in an effort to increase revenues, are moving to a licensing model,” which the report said “undoubtedly” has contributed to even more cyberattacks.

It also said the use of doomsday clocks as a pressure tactic is an “increasingly consistent approach” with cybercriminals. The groups post on the web fragments of data they have taken, threatening to publish all the victim’s data on the dark web when the clock runs out.


Want direct access to the latest LITN content?

Stay in the loop ➞ Subscribe to LITN instant notifications.
Receive the latest content delivered directly to your device.
Unsubscribe at anytime.

Latest News


Join the LITN Newsletter ➞ the latest news delivered to your inbox. Unsubscribe at any time.


Instagram Feed