Hackers target credentials and AI tools as North America tops global attack charts
AI-accelerated cyberattacks helped make North America the most targeted region in the world last year – and Canadian financial firms are squarely in that environment.
IBM’s 2026 X-Force Threat Intelligence Index says North America accounted for nearly one-third of all incidents its team responded to, with shared cloud infrastructure, interconnected supply chains, and similar attacker behaviours linking those patterns directly to Canadian enterprises.
The report flags a 44 percent rise in attacks that start by exploiting public-facing applications, often through missing authentication controls and AI-enabled vulnerability discovery.
Globally, vulnerability exploitation became the leading cause of cyberattacks in 2025, as organizations deal with aging systems, patching delays, and rapidly expanding SaaS environments.
Finance and insurance saw 27 percent of global attacks in 2025, in line with the concentration of high-value data in the financial sector.
Manufacturing remained the most attacked industry globally at 27.7 percent, and government and public sector organizations worldwide faced attacks driven by phishing and valid account use.
Credentials remain central to attacker tactics.
In North America, credential harvesting was the most common impact, showing how compromised accounts continue to fuel attacks.
Cybercriminals also targeted AI platforms directly: infostealer malware exposed more than 300,000 ChatGPT credentials globally in 2025, illustrating the risk when AI tools run without adequate safeguards.
The X-Force report says adversaries are using AI to compress decision cycles, scale phishing attacks, and manipulate digital identities, enabling less-skilled attackers to run campaigns that once required advanced capabilities.
“Canadian organisations are facing a perfect storm: legacy systems, rapid AI adoption, and increasingly automated threats,” said Chris Sicard, security leader at IBM Canada.
He said “traditional, reactive security models are no longer enough” and urged organisations to modernise authentication, secure AI and “hunt for vulnerabilities before attackers do.”
IBM’s recommendations for Canadian organizations include:
-
Secure AI platforms as core infrastructure, with conditional access and strong identity controls
-
Modernize authentication and treat identity as critical infrastructure
-
Continuously hunt for vulnerabilities across cloud, applications and networks
-
Map external attack surface exposure, including leaked credentials and client-specific assets
-
Strengthen patching and configuration hygiene to cut the most exploited attack paths
