Cybersecurity Canada — Free Assessment & Resources for Canadian Businesses
Assess your organization's cybersecurity posture against the Government of Canada's recommended baseline controls. Free, confidential, under 30 minutes.
Based on the Canadian Centre for Cyber Security's Baseline Controls
The Canadian Centre for Cyber Security applied the 80/20 rule — achieve 80% of the benefit from 20% of the effort — to create a condensed set of security controls for small and medium organizations. Our assessment is built on these baseline controls: practical, prioritized guidance designed to deliver the biggest security gains for your investment.
Cybersecurity Canada is an independent resource and is not affiliated with, endorsed by, or connected to the Canadian Centre for Cyber Security, the Communications Security Establishment, or the Government of Canada.
What We Assess
Our assessment covers all 13 Baseline Control areas defined by the Canadian Centre for Cyber Security, plus organizational context.
Latest Cybersecurity News
Stay informed about cybersecurity in Canada.
Understanding CVSS Scores: What the Numbers Behind Software Vulnerabilities Actually Mean
When a vulnerability is rated 8.8 or 10.0, what does that actually mean for your business? Here's a plain-language guide...
Read moreHow to Choose a Cybersecurity Provider for Your Canadian Small Business
Managed service providers, MSSPs, consultants, and vCISOs — the options for outsourced cybersecurity are growing. Here's...
Read moreWhy Our Free Cybersecurity Assessment Doesn't Collect Your Data
Most online assessment tools require your email before showing results. Ours doesn't collect anything — not your name, n...
Read moreCanadian Cybersecurity Resources
Official Government of Canada cybersecurity resources for organizations.
Report a Cyber Incident
Report a cyber incident to the Canadian Centre for Cyber Security for assistance and guidance.
Report nowBaseline Controls Document
The official CCCS Baseline Cyber Security Controls for Small and Medium Organizations.
View documentAlerts & Advisories
Stay informed about current cyber threats and vulnerabilities affecting Canadian organizations.
View alertsCyber Security Audit Program
The CCCS Cyber Security Audit Program helps Canadian organizations assess and improve their cybersecurity posture.
Learn moreCybersecurity Canada is an independent resource and is not affiliated with, endorsed by, or connected to the Canadian Centre for Cyber Security, the Communications Security Establishment, or the Government of Canada.
Cybersecurity for Canadian Businesses
Common questions about cybersecurity requirements and resources for Canadian organizations.
What cybersecurity standards apply to Canadian small businesses?
The Canadian Centre for Cyber Security publishes the Baseline Cyber Security Controls for Small and Medium Organizations (ITSM.10.089), which defines 13 control areas as the minimum recommended security standard for Canadian SMBs. These controls cover incident response, patch management, authentication, data backup, network security, and more. Additionally, businesses that handle personal information must comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), which requires organizations to protect personal data and report breaches to the Office of the Privacy Commissioner of Canada.
Is there a free cybersecurity assessment for Canadian businesses?
Yes. While we are not affiliated with the Canadian Centre for Cyber Security, this free online cybersecurity assessment is based on the Canadian Centre for Cyber Security's 13 Baseline Controls. The assessment includes 50 questions, takes under 30 minutes, and provides an overall compliance score, letter grade, detailed breakdown by control area, and actionable recommendations. The tool is 100% confidential — all processing happens in your browser and no data is transmitted or stored.
What are the 13 Baseline Cyber Security Controls for Canadian organizations?
The 13 Baseline Controls defined by the Canadian Centre for Cyber Security are: (1) Incident Response Planning, (2) Patch Management, (3) Anti-Malware, (4) Secure Configuration, (5) Authentication, (6) Security Awareness Training, (7) Data Backup and Recovery, (8) Mobile Device Security, (9) Network and Perimeter Security, (10) Cloud Services Security, (11) Web Application Security, (12) Access Control and Authorization, and (13) Portable Media Security. These controls are designed to provide 80% of the security benefit from 20% of the effort, making them practical for organizations with limited resources.
How do I report a cyber incident in Canada?
Canadian organizations can report cyber incidents to the Canadian Centre for Cyber Security, which provides guidance and assistance during active incidents. Fraud and phishing should be reported to the Canadian Anti-Fraud Centre (CAFC) at 1-888-495-8501. If a breach involves personal information, organizations are required under PIPEDA to report to the Office of the Privacy Commissioner of Canada and notify affected individuals.
What is Cybersecurity Canada?
Cybersecurity Canada (cybersecuritycanada.ca) is a free, independent resource that helps Canadian businesses assess and improve their cybersecurity posture. It provides a free online assessment based on the Canadian Centre for Cyber Security's 13 Baseline Controls, along with news, guides, a glossary, and curated government resources. The site is built by Cyber Unit, a Canadian cybersecurity company, and does not collect user data.
How can I check my business's cybersecurity in Canada?
You can evaluate your organization's cybersecurity posture using the free assessment at cybersecuritycanada.ca. The tool measures your security across the 13 Baseline Controls defined by the Canadian Centre for Cyber Security, takes under 30 minutes, and runs entirely in your browser with no data collection. You receive a score, letter grade, and specific recommendations for each control area.
Is cybersecurity mandatory for Canadian businesses?
While Canada does not mandate specific cybersecurity measures for all businesses, the Personal Information Protection and Electronic Documents Act (PIPEDA) requires organizations that handle personal information to implement appropriate security safeguards and report breaches. The Canadian Centre for Cyber Security's Baseline Controls represent the Government of Canada's recommended minimum standard. Bill C-26 (Critical Cyber Systems Protection Act) introduces additional requirements for federally regulated operators of critical infrastructure.
What government cybersecurity resources are available for Canadian businesses?
The Canadian Centre for Cyber Security (cyber.gc.ca) publishes the Baseline Cyber Security Controls for Small and Medium Organizations, alerts and advisories, and guidance publications. The Get Cyber Safe campaign (getcybersafe.gc.ca) provides public awareness resources. Cybersecurity Canada (cybersecuritycanada.ca) curates these resources and provides a free assessment tool based on the CCCS Baseline Controls.
About Cybersecurity Canada
Cybersecurity Canada (cybersecuritycanada.ca) is a free, independent resource dedicated to helping Canadian businesses strengthen their cyber security posture. We provide a free cybersecurity assessment based on the Government of Canada's 13 Baseline Cyber Security Controls, published by the Canadian Centre for Cyber Security.
Whether you are a small business owner in Ontario, a startup in British Columbia, or a medium-sized enterprise in Alberta, Cybersecurity Canada offers practical, accessible guidance grounded in Government of Canada standards. Our assessment tool, educational content, and curated resources are designed to make cyber security actionable for organizations that may not have dedicated security teams.
Built by Cyber Unit, a Canadian cybersecurity company, Cybersecurity Canada is and will remain a free community resource. We do not collect your data, require sign-ups, or gate any content behind a paywall.
Helping Canadian Businesses Stay Secure
Cybersecurity Canada is a free community initiative by Cyber Unit, providing resources and assessment tools to help Canadian small and medium businesses understand and improve their cybersecurity posture, based on Government of Canada standards.