Canada’s federal government remains exposed to cyber threats due to weak coordination and inconsistent use of defence services, Auditor General Karen Hogan warned in a report tabled Tuesday.
The audit found that while tools exist to protect government networks, 119 of 204 federal organisations are not required to use cybersecurity services from Shared Services Canada and the Communications Security Establishment, creating a fragmented defence landscape.
Hogan cited poor coordination among agencies during active cyber attacks, noting one incident where delays extended the government’s response by seven days, leaving personal data at risk. Efforts to improve collaboration and modernise IT inventories remain underfunded or incomplete.
“Attacks on government systems are becoming more sophisticated and frequent,” Hogan said. “A coordinated and comprehensive approach is essential to protect Canadians’ information and maintain trust in government IT systems.”
