Victim blaming is quietly undermining Canada's cyber resilience, according to a new opinion piece by Jonathan Weekes of the Canadian Cybersecurity Network. Cybercrime now rivals the size of the world's third-largest economy, and while artificial intelligence and new technologies accelerate its growth, victim blaming remains one of the most underestimated drivers sustaining it.
The Scale of the Problem
Every day, Canadians are targeted by cyber scams, data breaches, and digital fraud, including phishing, impersonation, identity theft, and online extortion. Many victims never come forward because they fear being blamed for what happened. This stigma compounds personal harm and allows cybercrime to expand in the shadows.
In February, the Government of Canada announced new measures to combat extortion and financial crime, including expanding financial intelligence resources, strengthening partnerships with banks and law enforcement, and establishing a new federal Financial Crimes Agency. These steps aim to improve detection, support investigations, and better protect Canadians and businesses from cyber-enabled crime.
Underreporting Hinders Progress
Despite growing enforcement efforts, cybercrime remains widely underreported. According to new data from the Angus Reid Institute, more than four in five Canadians have been targeted by an online scam in the past two years. The Canadian Anti-Fraud Centre (CAFC) reports that Canadians lost over $544 million to online fraud and scams by September last year alone.
Authorities warn that reported losses capture only a fraction of the true impact, estimating that only five to ten percent of cybercrime victims ever report what happened. When victims remain silent, the consequences extend beyond the individual: law enforcement lacks accurate intelligence, support services cannot reach those in need, policymakers underestimate the scope of the problem, and cyber criminals continue to thrive on a system where blame suppresses reporting.
Why Victim Blaming Persists
Cybercrime triggers a unique form of blame. Unlike physical crime, there is often no visible damage and no clear external cause. Victims are left replaying decisions, questioning judgment, and assuming responsibility for deception that was deliberately engineered. Public narratives reinforce this dynamic: cyber victims are often described as careless, distracted, or uninformed. Even victims internalize the idea that they should have known better.
The problem with this framing is that it no longer reflects how cybercrime operates. Cyber criminals now use generative AI to create phishing messages and deepfakes that mimic trusted contacts and familiar interactions with striking accuracy. This relationship-based social engineering draws on professional networks, email patterns, and online behaviour to exploit trust, emotion, and routine.
These tactics have already seen Canadians losing life savings to impersonation and grandparent scams, while relationship scams alone cost Canadians over $63 million in 2025, according to the CAFC. To build true cyber resilience, Canada must end victim blaming and focus on holding criminals accountable.
