This Q&A is a part of Observer’s Professional Insights sequence, the place trade leaders, innovators and strategists distill years of expertise into direct, sensible takeaways and ship readability on the problems shaping their industries. At a second when cyber threats are escalating alongside geopolitical tensions, Canada finds itself at a crossroads: the right way to defend its digital infrastructure, defend its economic system and preserve international competitiveness whereas preserving the values of an open, democratic society.
Judith Borts, senior director of the Rogers Cybersecure Catalyst at Toronto Metropolitan College, sits on the intersection of coverage, safety and financial technique. With a profession spanning provincial financial growth, nationwide innovation coverage and cross-sector collaboration, Borts has change into one in all Canada’s most vocal advocates for treating cybersecurity not as a distinct segment technical specialty however as a shared societal duty—one that may decide the nation’s digital sovereignty within the years forward.
Her work on the Catalyst focuses on constructing the expertise, partnerships and operational capability Canada wants to face up to more and more subtle assaults. However it’s her coverage background that offers her a panoramic view of what’s at stake. Canada, she argues, can not afford a reactive strategy to cyber danger. Nation-state adversaries, felony networks and A.I.-accelerated threats are transferring sooner than conventional governance fashions can reply, and the downstream prices to Canadians are already huge.
Borts outlines the place Canada is falling behind international friends, what a really unified nationwide cyber technique would require and why expertise growth might finally matter greater than any single technological breakthrough. She additionally affords a candid have a look at the sectors most susceptible in the present day, the insurance policies wanted to strengthen resilience and the way rising applied sciences like A.I. and quantum computing will reshape the nation’s digital future. Canada’s prosperity more and more relies on one thing as soon as seen as purely defensive: a safe and trusted digital ecosystem.
With international alliances shifting and the U.S. pulling again from worldwide cooperation, how are these geopolitical tensions instantly reshaping Canada’s cybersecurity priorities and its position in intelligence-sharing networks?
At the same time as international alliances shift, intelligence sharing by networks just like the 5 Eyes, G7 and NATO stays robust. That’s not likely the place Canada’s greatest problem is. What we actually have to zero in on is constructing our personal sovereign defence and resilience—together with within the cyber and digital domains—so we are able to defend ourselves, reply shortly when threats come up and get well safely and securely.
Cyberattacks in the present day can come from anyplace (overseas governments, organized teams and even people), they usually pose actual dangers to Canadian establishments, companies and residents. Our nationwide safety and defence methods have to mirror that actuality. We have to make investments extra in homegrown expertise and innovation, from cybersecurity analysis to advances in A.I. and quantum applied sciences, in order that Canada can keep forward of the curve. It’s not about shedding belief in our allies; it’s about sustaining our robust relationships whereas additionally ensuring we’ve the energy and resilience to face on our personal when it issues most.
Which Canadian sectors are most uncovered to cyber danger, and the way ready are they to defend towards the subtle assaults we’re seeing in the present day?
Each sector in Canada, in addition to all over the world, is uncovered to cyber danger. Healthcare continues to face a number of the most seen and alarming threats. Ransomware assaults have compelled hospitals to cancel surgical procedures and even shut down emergency programs, placing affected person security instantly in danger. The vitality sector is one other main goal. And what was primarily about stealing information has now shifted to makes an attempt to intervene with the programs that hold our energy grid working. As our digital and bodily infrastructure turns into extra related, these dangers multiply and even a single profitable assault can throw important providers throughout the nation into chaos.
Canada’s economic system is powered by small and medium-sized companies, which make up about 99 % of all corporations within the nation and account for greater than half of the nation’s GDP. These corporations are more and more being focused however usually lack the specialised employees, coaching and assets to reply successfully. Plus, the impacts of a ransomware assault on an SMB’s backside line may be large.
We’re seeing progress in some areas, however these are nonetheless remoted efforts. Actual nationwide cybersecurity and resilience imply a coordinated strategy, one which brings robust safety requirements along with actual funding in schooling, innovation and long-term capability constructing. That’s how we hold Canada’s economic system safe and aggressive within the years forward.
What particular coverage mechanisms are wanted to create a unified nationwide cyber technique that additionally respects Canada’s various regional priorities?
A top-down strategy alone gained’t sustain with how briskly threats evolve or be capable of handle the sensible wants of all areas. Actual resilience comes from bringing federal, provincial and native efforts collectively so we are able to construct protected and safe communities, share data sooner, reply in actual time and construct belief throughout sectors.
We additionally have to make it simpler for Canadian companies to function securely, each at house and overseas. Which means making a extra harmonized and fewer fragmented set of cyber requirements and compliance necessities, so corporations aren’t compelled to navigate a maze of conflicting guidelines throughout jurisdictions. Taking a extra unified strategy that integrates main international approaches and constant requirements would assist Canada keep internationally aggressive whereas maintaining our digital ecosystem robust and safe.
In a nutshell, the federal authorities ought to set the nationwide imaginative and prescient and supply the framework and instruments whereas empowering native governments, organizations and innovators to adapt that framework to their realities. When everybody works from the identical playbook, safety can change into a part of how we do enterprise—not a barrier to it.
As cyber threats evolve, is Canada maintaining tempo with friends just like the U.S. and the E.U. in constructing defensive capabilities, or are governance gaps holding it again?
It’s an thrilling time for cybersecurity in Canada, however the reality is we’re not but maintaining tempo with our friends. The USA invests near $800 billion or 3.5 % of GDP yearly in analysis and growth, whereas Canada spends lower than 2 % of ours, and solely a fraction of that goes towards cyber and protection innovation. That hole issues. The European Union, in the meantime, approaches cybersecurity not simply as a safety challenge however as a pillar of financial resilience, seeing digital safety and competitiveness as two sides of the identical coin.
Canada has world-leading expertise in cybersecurity, A.I. and quantum. We’re additionally constructing a robust basis with proposed laws just like the Essential Cyber Programs Safety Act (Invoice C-8) and a rising base of innovation, however we have to transfer sooner—connecting our federal, provincial and municipal methods, strengthening our expertise pipeline and investing in homegrown know-how. If we deal with cybersecurity as each nationwide defence and financial alternative, we are able to shut the hole and place Canada as an actual chief within the digital future.
What are probably the most vital classes from current high-profile cyberattacks, and the way ought to they information efforts to construct systemic resilience?
If there’s one factor current cyberattacks have taught us, it’s that we have to get up. Nobody is absolutely being attentive to how severe this has change into. We’re seeing large fraud and information theft occurring quietly, day by day, and too usually the response is weak at finest. The impacts are usually not solely felt on the sufferer’s stage; the burden of the prices to Canadians is big, and we’re all paying for this.
And nonetheless, individuals aren’t altering their passwords, corporations nonetheless skip primary protections like multi-factor authentication, and we’ve normalized the concept our information will likely be stolen finally. That has to alter.
There’s a standard mantra within the cyber group that on the subject of cyber threats: ‘it’s not if, however when.’ However the lesson isn’t that assaults are inevitable. It’s that we have to take preventative motion and put together for potential threats. Complacency is our greatest weak point.
We are able to’t deal with cybersecurity as background noise whereas we rush to undertake new applied sciences like A.I. A.I. could make programs smarter, however it additionally makes cyber threats sooner, extra focused and tougher to detect. On the similar time, many organizations are adopting A.I. with out absolutely addressing the very actual dangers that include it. Each group embracing A.I. needs to be asking: Are we doing this in a manner that retains us safe and our shoppers/prospects protected?
True resilience isn’t about particular actions by a cyber workforce; it’s about how briskly and successfully we reply and the way critically we take the duty to guard ourselves within the first place.
What position ought to partnerships between universities, public establishments, authorities, personal trade and Canadian tech corporations play in constructing nationwide cyber resilience?
No single group can clear up Canada’s cybersecurity challenges by itself—the threats are too complicated, the digital infrastructure is just too huge and various and the stakes are too excessive. True resilience relies on everybody working collectively: universities driving analysis and creating expertise, authorities offering intelligence, steering and coordination, trade constructing safe programs and serving to to generate specialised expertise and Canadian tech corporations pushing innovation ahead.
However collaboration can’t simply occur in boardrooms or coverage papers: we even have to satisfy Canadians the place they’re. Digital resilience and cyber consciousness are not specialised expertise; they’re now primary office necessities. Everybody, no matter their position, wants to know the right way to defend data, handle digital instruments responsibly, and stay vigilant to evolving threats. If we’re going to succeed in everybody, it means discovering extra inventive and sensible methods to weave cyber consciousness and digital resilience into on a regular basis life, whether or not that’s by area people packages, small enterprise coaching or extra accessible schooling.
When universities, public establishments, authorities, and trade join instantly with Canadians, cybersecurity stops being an summary idea and turns into one thing everybody can participate in.
That whole-of-society strategy is not non-compulsory. It’s actually the inspiration of our nationwide resilience.
How does creating a talented and various cybersecurity workforce contribute to Canada’s digital sovereignty and long-term competitiveness?
Once we discuss securing Canada’s digital future, the actual benefit isn’t simply in know-how; it’s in individuals. We want Canadians to guard what issues to Canada and construct a strong digital infrastructure that we are able to depend on to maintain our economic system and nation rising within the face of mounting threats. This requires a reliable and succesful workforce. On the Catalyst, we’ve no delusions in regards to the impacts of A.I. on cybersecurity work. The important thing query is: what does a talented cybersecurity workforce seem like within the age of A.I.?
We’re hyper-focused on creating not solely expert cybersecurity professionals, but additionally serving to these in different organizational roles throughout totally different sectors to higher perceive the cybersecurity challenges they’re going through whereas sustaining a eager eye on rising applied sciences equivalent to A.I. and quantum computing. By our packages, we’re constructing job-ready professionals who can handle the human, organizational and technical problems with cybersecurity.
However in an period the place A.I. can automate sure technical capabilities, the actual problem—and alternative—is in guaranteeing that we’ve an agile workforce and that we educate and help people in exercising judgment, creativity, vital pondering, contextual understanding and moral reasoning that machines can’t replicate.
It’s like asking the way you preserve a group of nice writers when A.I. can draft a paragraph for you: the worth shifts to perception, empathy, technique and human perspective.
How can Canada’s cyber technique hyperlink safety, innovation and financial progress?
For too lengthy, we’ve talked about cybersecurity as a purely defensive measure. Many nonetheless view it as simply the price of doing enterprise. The reality is, within the fashionable economic system, cybersecurity is an funding, and resilience is one in all our greatest aggressive benefits. It’s the bedrock of nationwide prosperity and our ticket to sustaining our place as a severe participant on the worldwide stage.
Give it some thought: once we create an atmosphere constructed on digital belief, with infrastructure that’s each strong and safe, every little thing else follows. It’s what provides worldwide companions the boldness to take a position right here, and it’s what provides our personal innovators in vital sectors like finance, healthcare and know-how the safe launchpad they should carry their finest concepts to life.
So, the vital query is, how do you deliberately construct that sort of atmosphere? It doesn’t occur by chance, and it may well’t relaxation solely on a coverage or a plan. It solely comes about by motion.
By combining sensible authorities insurance policies and powerful mental property and patent protections with actual incentives for our companies, we cease treating cybersecurity as an issue to be solved and begin seeing it for what it’s: an enormous alternative to construct our subsequent era of tech leaders and safe Canada’s position as an innovator.
How will rising applied sciences equivalent to A.I. and quantum computing reshape Canada’s cybersecurity panorama, and what should be performed now to make sure a safe, sovereign, and aggressive digital ecosystem by 2030?
A.I. is rewriting the cybersecurity panorama, and quantum computing gained’t be far behind. Every one presents each enormous alternatives and severe threats. As these applied sciences begin to converge, we are going to see unbelievable new potentialities and potential, but additionally important energy to trigger actual injury if we’re not ready.
A.I. is now an arms race. For each superior danger detection mannequin we create, our adversaries are utilizing A.I. to launch assaults. And quantum computing is the horizon. This can threaten many of the widespread encryption used in the present day.
This new actuality calls for a strategic change, together with what the trade calls the “shift-left strategy.” Historically, safety testing occurred on the finish of a venture, simply earlier than the software program was launched. Shift-left flips that mannequin by pushing safety earlier within the growth cycle—basically “shifting” it to the left on the venture timeline.
For instance, as an alternative of ready till a brand new system is absolutely constructed to examine for vulnerabilities, builders ought to construct safety into the design on day one, after which take a look at for dangers at every step. This strategy comes from fashionable software program engineering, however it’s now important for cybersecurity: if rising applied sciences like A.I. aren’t constructed with security-by-design, we’re already behind.
Finally, by investing in expertise, concentrating on the most effective in R&D, and investing in an progressive ecosystem, Canada can make certain we’re not simply reacting to technological change however we’re main the change.
