Theft of trade secrets and confidential commercial information is a critical issue for Canadian businesses \u2013 and a critically under-reported one.\u00a0This is largely because the country\u2019s infrastructure for reporting cybercrimes is insufficient.<\/p>\n
To understand why the reporting mechanisms are such a problem, imagine that one day a Canadian company discovers a foreign actor has stolen its trade secrets and confidential commercial information.\u00a0The act is not just criminal; it also threatens the Canadian company’s future existence.\u00a0The foreign actor will use this stolen subject matter to compete against it, undercutting millions of dollars of research and development investment. What should the Canadian company do?<\/p>\n
The first reaction is probably to contact the police. Unfortunately, this isn\u2019t an easy thing to do. A visit to the RCMP’s website for reporting such a crime, the RCMP\u2019s National Cybercrime Coordination Unit<\/a>, makes for a depressing and uninspiring one.\u00a0The website informs users: \u201c[W]e\u2019re in the process of creating a new reporting system.\u00a0Once fully in place, in 2022, any victim of or witness to a cybercrime or fraud will be able use this system to report the crime online.\u201d<\/p>\n The website continues to say the National Cybercrime Coordination Unit (NC3) itself will only \u201creach full operating capability in 2023.\u201d\u00a0Hardly encouraging words for Canadian businesses that are being victimized.<\/p>\n Other law enforcement agencies in Canada are just as ineffectual as the RCMP.\u00a0The Ontario Provincial Police online crime reporting tool doesn\u2019t even mention cybercrime<\/a>.\u00a0The S\u00fbret\u00e9 du Qu\u00e9bec doesn\u2019t enable reporting crime online; it makes parties come in, in person.\u00a0In British Columbia, for municipalities with their own police forces, most crimes can be reported online only if they involve sums less than $10,000<\/a>.<\/p>\n Canada’s spy agencies are not doing great in this area either.\u00a0Canada’s domestic spy agency, the Canadian Security Intelligence Service (CSIS), has often said it is \u201ceager to help businesses protect themselves<\/a> amid a challenging security landscape.\u201d But it is not clear it has ever actually done so in a concrete way.\u00a0For example, CSIS has an online tool<\/a> for reporting tips concerning espionage, foreign interference and cyber-tampering affecting critical infrastructure.<\/p>\n But it’s not clear the tool is getting used for that.\u00a0Based on an access to information request<\/a>, CSIS confirmed that for the year 2020 it received 4,000 reports, of which 111 were deemed \u201crelevant\u201d and only two were actual \u201cthreats.\u201d But CSIS declined to answer if any of these tips concerned espionage, foreign interference and cyber-tampering (as opposed to its other priorities, like terrorism). In any case, CSIS is not a law enforcement agency and has virtually no obligation to share the information it receives with law enforcement agencies.<\/p>\n Also serving as a possible first stop for reporting cybercrime are other online reporting tools from agencies like the Canadian Centre for Cyber Security (with its tool for reporting cyber incidents<\/a>), the Canadian Anti-Fraud Centre (with its own online reporting tool<\/a>), and the Canadian Digital Service (which has an email address on its reporting page<\/a>).\u00a0But these sites all make one thing clear: they do not engage in law enforcement.<\/p>\n While vast swathes of the Canadian workforce have transitioned to online work, the country\u2019s law enforcement and intelligence communities, by comparison, seem like Luddites \u2013 incapable of keeping up with the evolving nature of the threat landscape for Canadian businesses and co-ordinating their efforts.\u00a0The federal and provincial governments and their agencies’ reporting tools are also unnecessarily complex, offering many reporting tools that should all be doing one thing, which none of them are currently doing well.<\/p>\n These shortcomings show where Canada stands on reporting cybercrime in comparison to our closest allies (to say nothing of actually investigating or prosecuting it).\u00a0Law enforcement in countries like the United States<\/a>, the United Kingdom<\/a> and Australia<\/a> all have more robust mechanisms than ours.<\/p>\n Unfortunately, these types of crime are all too real for Canadian businesses.\u00a0For example, in the early 2000s, Nortel\u2019s servers were repeatedly hacked by Chinese agents <\/a>siphoning off its IP and trade secrets. In 2017, Bombardier Aerospace saw much of its know-how for the certification of regional jets airlifted out of the country<\/a> by Mitsubishi Heavy Industries. Last year, Halifax-based crypto startup Groundhog saw an American competitor release a mimic product <\/a>the day before their own product was set to launch.<\/p>\n These experiences are terrifying for Canadian businesses, with economic consequences that can be painful to bear.\u00a0They also hurt Canadian innovation. Yet overall, the Canadian approach to address the problem is to leave companies to fend for themselves.<\/p>\n Like a user receiving a pop-up for a software upgrade, the Canadian approach to this problem has been to click \u201clater\u201d or \u201cremind me tomorrow.\u201d Canadian businesses have paid a price for that. It is time to upgrade Canada’s cybercrime reporting infrastructure now.<\/p>\n","protected":false},"excerpt":{"rendered":" Theft of trade secrets and confidential commercial information is a critical issue for Canadian businesses \u2013 and a critically under-reported one.\u00a0This is largely because the country\u2019s infrastructure for reporting cybercrimes is insufficient. To understand why the reporting mechanisms are such a problem, imagine that one day a Canadian company discovers a foreign actor has stolen […]<\/p>\n","protected":false},"featured_media":279863,"template":"","meta":{"_acf_changed":false,"content-type":"","ep_exclude_from_search":false,"apple_news_api_created_at":"2025-10-08T03:42:28Z","apple_news_api_id":"c070e623-613b-45b0-942d-d0745f6b0a9f","apple_news_api_modified_at":"2025-10-08T03:42:28Z","apple_news_api_revision":"AAAAAAAAAAD\/\/\/\/\/\/\/\/\/\/w==","apple_news_api_share_url":"https:\/\/apple.news\/AwHDmI2E7RbCULdB0X2sKnw","apple_news_cover_media_provider":"image","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_cover_video_id":0,"apple_news_cover_video_url":"","apple_news_cover_embedwebvideo_url":"","apple_news_is_hidden":"","apple_news_is_paid":"","apple_news_is_preview":"","apple_news_is_sponsored":"","apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":[],"apple_news_suppress_video_url":false,"apple_news_use_image_component":false},"categories":[9362,9372,9383],"tags":[8547,9241],"article-status":[],"irpp-category":[4245,4339,4337],"section":[],"irpp-tag":[7102],"class_list":["post-269799","issues","type-issues","status-publish","has-post-thumbnail","hentry","category-economie","category-recent-stories-fr","category-sciences-et-technologies","tag-cybersecurite-fr","tag-systeme-de-justice","irpp-category-economie","irpp-category-loi-et-justice","irpp-category-science-et-technologie","irpp-tag-cybersecurite"],"acf":[],"apple_news_notices":[],"yoast_head":"\n