In the face of rising U.S. tariffs and increasing global cyber threats, the Catalyst partnered with In-Sec-M to launch a Canadian-focused directory for cyber companies called Buy Canadian Cyber. The initiative is already a great success: we’ve listed over 200 Canadian cybersecurity companies in the Buy Canadian Cyber directory, making it easier than ever for businesses to find and procure trusted, homegrown cyber solutions.
In talking to several companies listed at Buy Canadian Cyber, we’ve noticed a few common themes emerging as these thought leaders address the cyber landscape and the evolving scope of risk in Canada and worldwide.
How the risk is accelerating
Daly Brown, co-founder and CEO of Metropolitan Technologies, notes that “critical infrastructure, and the operational technology essential to its functioning, are high-value targets because attacks on them can cause life-threatening and/or costly effects.” Brown also notes that in 2024, there was a 146% rise in cyberattacks causing physical impairment to operations.
He adds, however, that the critical infrastructure market has traditionally been “very risk-averse, and penetrating the market has been historically difficult. Many infrastructure operators have existing systems they’ve relied upon for decades and have been reluctant to adopt newer technologies.”
All is not lost. Brown believes that the digital transformation of industry “is reaching a tipping point. Operators are acknowledging the benefits of increasing connectivity within their infrastructure.”
Kate Mitchell, head of marketing for F12.net, agrees: “Cybersecurity isn’t just a technical challenge in Canada; it’s a business responsibility. Canadian businesses are under increasing pressure to meet regulatory expectations, defend critical infrastructure, and maintain operational continuity.”
But in a uniquely Canadian response to the threat, Mitchell sees a lot of hope. “We approach [the responsibility] differently than our global peers. There’s less noise and more accountability; less selling fear and more solving real problems.”
It’s not just big businesses at risk anymore
Deepak Kumar, director of VerveDelight, says that the days of believing cybercrime is a “big company” problem are over. “If you think cybercrime won’t affect you, think again,” he says. “Hackers don’t discriminate by size or sector — they look for vulnerability. From phishing emails and ransomware to social engineering and data theft, cyber threats are silently targeting small businesses, schools, nonprofits, and local governments every day.”
Laird Wilton, co-founder of Carbide, agrees. “Today’s threats don’t wait for your company to become a household name,” he says. “Small and medium-sized businesses and startups are targeted because they hold sensitive data and connect to larger enterprise ecosystems.”
Lorissa Dong, marketing director of Myntex, goes even further, saying that even people who consider themselves “careful with their phones” need to be wary of personal cyber attacks. Dong cautions Canadians from assuming that “mobile threats only succeed when users make mistakes.”
She elaborates: “People may use strong passwords, avoid sketchy apps, manage permissions, and perform good cyber-hygiene, but… today’s mobile threats don’t always look like malware or phishing links. Nation-states and private vendors now use commercial spyware, zero-click exploits, and silent data extraction tools that bypass user behaviour entirely.”
“You won’t see them coming,” Dong says, “and you won’t know they were there.”
How the Canadian mindset about cyber is changing
F12’s Kate Mitchell says, “For years, IT was treated like a utility — kept in the basement, underfunded, and only noticed when something broke. That’s changing. AI has kicked the door wide open. Suddenly, boards want to understand exposure, risk, and governance. They’re asking real questions about how data flows, who has access, and what happens when something goes wrong.”
The mindset shift excites Mitchell. “It’s not just about stopping threats anymore,” she says. “It’s about building smarter, faster, more secure businesses.”
Myntex’s Lorissa Dong agrees. “We’re energized by how quickly Canada is embracing cybersecurity as a national priority,” she says. “Canada’s National Cyber Security Strategy is a bold step forward, pairing public-private collaboration with real investment in innovation, talent, and resilience.”
What excites Dong is Canada’s shift “toward sovereign, Canadian-built solutions. As mobile threats escalate, we’re seeing growing demand for secure, zero-trust platforms that don’t depend on foreign infrastructure or third-party clouds.”
How Canadian companies are meeting the challenge
Carbide’s Laird Wilton is enthusiastic about how our national character is meeting this moment. “Canada punches well above its weight in the global cybersecurity landscape, and that’s no accident,” he says. “Canadian companies bring together world-class technical talent, a strong culture of innovation, and a regulatory environment that is adapting to modern challenges in privacy and responsible data stewardship. Our diverse, globally connected workforce offers unique perspectives, driving Canada’s cybersecurity approach.”
VerveDelight’s Deepak Kumar adds that Canada’s “strong privacy laws, multicultural talent pool, and collaborative ecosystem that bridges government, academia, and industry positions us to lead in building secure, inclusive, and human-centric cyber solutions.”
“What’s truly inspiring is how Canadian organizations are blending innovation with ethics,” Kumar finishes. “Canadian providers are developing solutions that are both effective and trustworthy. This balanced, people-first approach positions Canada as a global leader in shaping the future of cybersecurity.”
