Canadian agencies do not have the capacity or capability to police cybercrime: AG

The RCMP and other Canadian security agencies do not have the capacity or capability to effectively police cybercrime, according to a new report from Canada's auditor general — a concerning problem, it says, in the face of increasingly frequent and devastating blows.

«Without prompt action, financial and personal information losses will only grow as the volume of cybercrime and attacks continues to increase,» said the report, made public Tuesday.

The report looked at how the Mounties, Communications Security Establishment (CSE) — which hosts the Canadian Centre for Cyber Security — and the Canadian Radio-television and Telecommunications Commission (CRTC) handle hacks on businesses, organizations and individuals.

«We found breakdowns in response, coordination, enforcement, tracking, and analysis between and across the organizations responsible for protecting Canadians from cybercrime.»

One of the main gaps in the system, according to the auditor general, is around reporting.

«Under the current system, people are left to figure out where to make a report or may be asked to report the same incident to another organization,» said their report.

For example, between 2021 and 2023, CSE deemed that almost half of the 10,850 reports it received were out of its mandate because they related to individual Canadians and not to organizations.

However, the auditor general's office said in many cases, CSE did not tell people to report their situation to another authority.

When cases do make it to the RCMP, which is responsible for investigating criminal offences, they face another set of challenges, according to the report.

When the auditor general peeked under the RCMP's hood it found the Mounties weren't tracking cases properly.

«This