{"id":1334,"slug":"ibm-ponemon-canadian-breach-cost-2024","title":"IBM/Ponemon Cost of a Data Breach (Jul 30, 2024; 604 orgs; Mar 2023-Feb 2024): Canadian average CA$6.32M (down from CA$6.94M in 2023); 2025 figure ~CA$6.98M per separate edition","kind":"reference","scope":"business","status":"current","audiences":["kevin","smb-owner","candid-team"],"topics":["accuracy-risk-published-data","privacy-pipeda"],"reference_body":"**Claim:** **IBM/Ponemon Cost of a Data Breach Report** (Jul 30, 2024; **604 organisations**, Mar 2023-Feb 2024): Canadian average data-breach cost **CA$6.32M in 2024** (down from **CA$6.94M in 2023**). A later IBM edition reported a 2025 Canadian average of **~CA$6.98M** (per MobileSyrup).\n\n**Source:** canada.newsroom.ibm.com ; theglobeandmail.com ; mobilesyrup.com\n\n**Confidence:** Verified.\n\n**Caveat:** **Large-organisation averages, NOT SMB-specific** — do not imply an SMB faces a multimillion-dollar bill. IBM sells security AI and frames findings to favour it. The year-over-year direction across editions is inconsistent, so treat **CA$6.32M (2024) as the anchor** and the 2025 figure as a separate report year.\n\n**Why this matters for Candid:** Context for *magnitude*, not expected exposure. The \"60% of small businesses shut down within 6 months of a cyberattack\" Inc.com figure (via allcovered.com) is single-source, popular-press — treat cautiously and do not cite as established fact.","rationale_body":null,"metadata":null,"links":{"outgoing":[{"slug":"pipeda-breach-reporting-rrosh-24-month-records","title":"PIPEDA mandatory breach reporting (in force Nov 1, 2018): report RROSH breaches to OPC + notify affected individuals + KEEP RECORDS OF ALL BREACHES for 24 months","kind":"reference","scope":"business","link_type":"relates-to"}],"incoming":[{"slug":"research-brief-client-portals-smb-june-2026","title":"Research brief: client portals for SMBs — the honest case (June 2026)","kind":"reference","scope":"business","link_type":"relates-to"},{"slug":"caveats-client-portals-vendor-marketing-base","title":"Caveats for the client-portals brief: source-incentives are pervasive; the independent anchors are McKinsey and Gartner; market-size figures unreliable; the viral 42% stat is misattributed","kind":"reference","scope":"business","link_type":"relates-to"}]},"created_at":"2026-06-20T17:57:32.202Z","updated_at":"2026-06-20T17:57:32.202Z"}