Cybersecurity Awareness Month takes place every October to help businesses and individuals stay secure online by understanding the risks associated with malware, phishing, ransomware, and cyberattacks. This includes how to identify, prevent, and fight data breaches.

Most people think they’re computer savvy and cannot fall for cyber scams, but the fact is, even tech experts fall for phishing attempts. Each year, more and more people and businesses get scammed online, and it’s costing us billions of dollars.

The Cost of Cyberattacks

In 2022 the average cost of a data breach hit an all-time high of $4.4 million, up 2.6% from 2021 and a 13% increase from 2020. The damage from data breaches varies from industry to industry. For example, the average data breach in healthcare hit $10.10 million in 2022, the highest for any industry. The second highest industry was finance, averaging $5.97 million, followed by data breaches in critical infrastructure businesses at $4.82 million.

Cyber criminals also know the best geographical targets for making the most money. The top five countries and regions with the highest average cost of a data breach are the U.S. at $9.44 million, the Middle East ($7.46 million), Canada ($5.64 million), the UK ($5.05 million), and Germany ($4.85 million).

Canada continues to be a top magnet for cyber criminals with companies in the financial sector paying the biggest cost for data breaches at $520 per record. Canadian tech companies paid an average $433 per record, followed by the service industry at $362 per record. The national average across all sectors was $298 per record.

But there’s more to cybercrimes than cost.

Online attacks often lead to the theft of a customer’s sensitive, critical information. Data breaches can also ruin a company’s reputation. A survey by Forbes found that 46% of businesses suffered reputational damage from a data breach and 19% of organizations suffered both reputation and brand damage as a result of a third-party data breach. That’s almost half of all businesses surveyed.

Companies That Experienced Cyberattacks in 2022

From cryptocurrency thefts to telecom giants, ride share companies, and state-funded attacks, 2022 has been one for the record books, and it’s not over yet.

Marquard & Bahls

In late January, hackers took down German energy giant Marquard & Bahls. A ransomware program forced the closure of up to 2,300 gas stations across Germany. Shell, one of the world’s biggest oil suppliers, had to re-route its supplies to alternative supply depots.

Initially, experts said the attacks came from BlackHat, a Russian group that has targeted oil pipelines. The country’s Interior Ministry said there was no data to prove that cyberattacks are linked to Russia.

Blockchain is touted as being one of the most secure forms for processing transactions, but they are susceptible to data breaches, especially from the inside.

In January, an attack at, one of the world’s largest cryptocurrency exchanges, targeted 483 people’s cryptocurrency wallets, walking away with $18 million in Bitcoin, $15 million in Ethereum, and $66,200 in other cryptocurrencies.

The company initially downplayed the data breach, calling it “an incident” saying “no customers experienced a loss of funds,” but eventually, it admitted money had indeed been stolen.


Cyber criminals didn’t show Christian fundraising site GiveSendGo any love in February. The site was targeted a number of times that month. On February 13, a hacker leaked a file containing the personal information, including names, donation amounts, and limited credit card data, of more than 92,000 people who donated money to the Freedom Convoy—a truckers protest that was opposed to COVID-19 vaccine mandates and restrictions that shut down Ottawa for three weeks.

Two days later, a bigger leak revealed the entire donor history of every single person who had ever used GiveSendGo, as well as limited credit card data.

Later in the month, GiveSendGo’s “Adopt a Trucker” campaign had its donor data leaked. On top of that, the campaign’s founder had his emails hacked and leaked.

Microsoft Corp

Even a software giant like Microsoft Corp can become a victim of cybercrime. In March 2022, Microsoft was targeted by LAPSUS$, a hacking group that had previously targeted Nvidia, Cisco, Samsung, T-Mobile, Okta Inc, Ubisoft, and Impresa.

The hackers gained access to Microsoft’s systems on March 20 and posted a screenshot on their Telegram channel saying they had hacked Microsoft and compromised Cortana, Bing, and several other products.

It took two days for Microsoft to contain the breach. While the hackers did steal some material, the company said only one account was compromised and no customer data was stolen.

Uber Technologies, Inc

Ride share company Uber was hacked in mid-September by LAPSUS$. The company only found out after the hacker announced the attack on its Slack organization, saying: “I am a hacker and Uber has suffered a data break.” The company responded by shutting down its internal messaging service.

The hacker, an 18-year-old using the alias Tea Pot, said he gained access to the company’s data by sending a text message to an Uber worker claiming to be an Uber IT employee. He then persuaded the worker to give him their password. The information stolen from the breach was then sold on the dark web.

The same hacker claims to have also breached video game maker Rockstar Games and downloaded early footage for Grand Theft Auto VI.

The Future of Cyberattacks

Despite our best efforts to thwart data breaches, cybercrimes will continue to damage organizations at a torrid pace. By 2025, cybercrime is projected to cost the global economy $10.5 trillion annually, up from $4 trillion in 2015.

To put that number into perspective, if cybercrime was a country, it would be the third largest economy in the world, behind only the U.S. and China. Canada’s annual GDP is a mere $1.5 trillion, making it the ninth-largest economy in the world.

With cybersecurity spending on the part of government entities, corporations, and individuals on the rise, cybersecurity stocks could be some of the biggest winners over the coming years.

Investing in the Cybersecurity Industry with CYBR ETF

If you’re looking to invest in a cybersecurity ETF, consider Canada’s first cybersecurity ETF, Evolve Cyber Security Index Fund (TSX Ticker: CYBR). CYBR ETF invests in global companies involved in the cybersecurity industry. For more information, visit the fund page here:

For the latest information on investing in cybersecurity and industry updates on related investment products, sign up for our weekly newsletter.


The contents of this blog are not to be used or construed as investment advice or as an endorsement or recommendation of any entity or security discussed. These contents are not an offer or solicitation of an offer or a recommendation to buy or sell any securities or financial instrument, nor shall it be deemed to provide investment, tax or accounting advice. The information contained herein is intended for informational purposes only.
Commissions, management fees and expenses all may be associated with exchange traded funds (ETFs) and mutual funds (funds). Please read the prospectus before investing. ETFs and mutual funds are not guaranteed, their values change frequently, and past performance may not be repeated. There are risks involved with investing in ETFs and mutual funds. Please read the prospectus for a complete description of risks relevant to ETFs and mutual funds. Investors may incur customary brokerage commissions in buying or selling ETF and mutual fund units.
Certain statements contained in this blog may constitute forward-looking information within the meaning of Canadian securities laws. Forward-looking information may relate to a future outlook and anticipated distributions, events or results and may include statements regarding future financial performance. In some cases, forward-looking information can be identified by terms such as “may”, “will”, “should”, “expect”, “anticipate”, “believe”, “intend” or other similar expressions concerning matters that are not historical facts. Actual results may vary from such forward-looking information. Evolve Funds undertakes no obligation to update publicly or otherwise revise any forward-looking statement whether as a result of new information, future events or other such factors which affect this information, except as required by law.

Tags breaches  cyber  cyber attack  cyber etf  cybercrime  cybersecurity  cybersecurity etf  data breach  evolve cyber security index fund  Hackers