Newsroom
Events
Subscribe

Canadian businesses focusing cybersecurity efforts on AI management

RSM’s 2026 cybersecurity survey shows spending expected to rise amid new risks

May 13, 2026

Twenty-five per cent of Canadian executives surveyed in RSM’s 2026 cybersecurity report said their companies experienced a data breach in the previous year, reflecting the growing complexity of business risks amid the proliferation of artificial intelligence.

Commensurately, 93 per cent of Canadian respondents expect to increase cybersecurity spending in the coming year.

The data breach findings stand in contrast to responses from U.S. executives, 18 per cent of whom said their businesses experienced a data breach in the previous year.

However, a roughly equal share of respondents from the two countries reported that their organizations experienced a ransomware attack or demand in the last 12 months—25 per cent of Canadian respondents and 24 per cent of U.S. respondents.

RSM’s cybersecurity survey, fielded in the first quarter of 2026, aggregated the responses of 101 Canadian and 501 U.S. middle market executives across a variety of industries—with AI usage and AI-enhanced threats emerging as key influences on cybersecurity strategies.

AI use amplifies current-state identity risk within an organization. If identity controls are weak or poorly governed, AI will scale that risk instantly. The middle market still has a window to mature identity controls now, before AI meaningfully expands the attack surface and drives higher cost, complexity and exposure.
Omer Arshed, Partner, RSM Canada

The report shows that Canadian companies are primarily focusing their resources on AI security and governance (39 per cent). Strategy and risk management (37 per cent) and securing the cloud (32 per cent) are among the other initiatives being prioritized.

Conversely, U.S. respondents emphasized detection and response (39 per cent) as a stronger area of focus compared to AI security and governance (30 per cent).

As for how organizations approach identifying and managing cyber risks, 53 per cent of Canadian respondents said they use a formal risk management framework, in comparison to 40 per cent of U.S. respondents. While 20 per cent of U.S. executives surveyed said they rely on third-party providers or consultants to manage these risks, only nine per cent of Canadian respondents gave the same answer.

Digital identity remains an area where companies in both Canada and the U.S. could sharpen their focus on emerging threats.

“Nonhuman identity is not a new concept,” says Omer Arshed, a partner at RSM Canada. “This is something we’ve been managing for clients for over a decade. But AI has changed and added further complexity to the equation.”

RSM risk professionals caution companies about a new level of cyberthreats—mainly attributed to expanding AI use—but respondents in Canada and the U.S. almost universally felt confident in their current measures to safeguard data.

Download the full report now to learn more

Featured solution

Penetration testing

Identify how attackers will exploit your company’s weaknesses with pen-testing services.

Ready to understand your vulnerabilities

THE POWER OF BEING UNDERSTOOD

ASSURANCE | TAX | CONSULTING

RSM Canada LLP is a limited liability partnership that provides public accounting services and is the Canadian member firm of RSM International, a global network of independent assurance, tax and consulting firms. RSM Canada Consulting LP is a limited partnership that provides consulting services and is an affiliate of RSM US LLP, a member firm of RSM International. The member firms of RSM International collaborate to provide services to global clients but are separate and distinct legal entities that cannot obligate each other. Each member firm is responsible only for its own acts and omissions, and not those of any other party. Visit rsmcanada.com/about for more information regarding RSM Canada and RSM International.

© 2026 RSM CANADA LLP. All rights reserved.