October 23, 2025
The Auditor General’s report released on cyber security of federal government networks and systems reveals vulnerabilities that demand immediate, coordinated action across all sectors and jurisdictions. The findings underscore a fundamental truth: digital security and digital trust are inseparable and require collaboration among government, industry, and civil society.
With 6.6 trillion malicious cyber events blocked in a single year and critical gaps in asset management and incident response, the cost of fragmented approaches is clear. When 80% of eligible federal organizations opt out of available security services, it creates exactly the vulnerabilities that sophisticated threat actors exploit.
These findings demand urgency. The January 2024 breach described in the report, where poor coordination enabled prolonged unauthorized access to Canadians’ personal information, demonstrates that cyber security is not only a technical challenge but also a trust challenge. When government systems are compromised, public confidence in digital services erodes, affecting everything from healthcare access to economic participation.
DIACC President, Joni Brennan, issued the following statement:
“DIACC has long advocated that secure digital services require interoperable, verifiable trust frameworks that bridge organizational and jurisdictional needs. The Auditor General’s findings reinforce why the DIACC’s Pan-Canadian Trust Framework exists: to provide commonly agreed-on business-problem-solving criteria and certification mechanisms that enable organizations to deliver secure, privacy-protecting services that Canadians can trust.”
The path forward requires collaboration. Federal, provincial, and territorial governments should collaborate with private-sector innovators and civil society to implement the comprehensive cyber security strategy that the Auditor General has acknowledged as sound and necessary. The way forward should also include:
- Establishing and adopting trusted services for digital identity verification and access control
- Ensuring visibility of verifiable digital assets through proper inventory and management systems
- Creating seamless coordination mechanisms for incident response across organizational boundaries
- Accelerating the adoption of privacy-preserving and enhancing technologies that protect Canadians while enabling secure service delivery
Both governments and the private sector bring essential strengths to this challenge. Governments provide regulatory frameworks, public mandates, and the reach to serve all Canadians. The private sector contributes innovation, technical expertise, and agile solutions. When we combine these complementary capabilities and work in partnership, we can move with urgency to address the Auditor General’s findings.
DIACC stands ready to support all levels of government and industry partners in implementing the digital trust and verification infrastructure that Canadians need. The time for inaction has passed. The cyber threats documented in today’s report are absolute, sophisticated, and persistent. Our response must be equally coordinated, comprehensive, and swift.
Canada has the expertise to lead in digital trust and verification. Now we must demonstrate the will to act.
Joni Brennan
President, DIACC
