Canada’s public sector faces a turning point in IT resilience

Technology leaders are adapting to growing demands for secure, reliable, and interoperable public-sector services. Photo by Robbie Palmer on Unsplash

There was a time when a “trillion” sounded like a made-up number, the kind kids used to win arguments about who had more Pokémon cards. 

Now it is part of Canada’s cybersecurity reality. 

Between October 2023 and September 2024, Shared Services Canada blocked 6.6 trillion suspicious events, and CSE intercepted another 2.4 trillion. The Auditor General’s report found important gaps in monitoring and response during real attacks, despite the scale of activity. 

The numbers are extraordinary, and they underscore how sharply the ground has shifted beneath Canada’s public systems. 

The volume of attempted intrusions highlighted by federal auditors shows how quickly threats are evolving, and how much strain aging infrastructure is placing on the country’s digital defences. 

It also raises a deeper question about whether the systems that support everything from service delivery to national coordination are equipped for the demands now being placed on them. 

That tension between escalating risk and outdated capacity is influencing how public-sector technology leaders plan, prioritize, and respond. It reflects the realities many institutions face as they work to modernize systems that have supported government operations for decades.

The widening gap between public-sector systems expectations

Federal oversight bodies have been warning for years that key government systems require modernization. 

Shared Services Canada’s Five-Year Departmental Evaluation Plan, 2025–30 notes that modernization efforts across shared infrastructure, hosting, and digital services remain underway, and that many older systems and platforms continue to support daily operations while this work progresses.

The pressures extend beyond technology. 

Many departments continue to rely on platforms that have been in place for decades, and the public service is seeing a gradual loss of legacy expertise as experienced staff retire. This creates operational strain at a time when cyber threats are increasing and the cost of sustaining older systems continues to rise, as highlighted in the Office of the Auditor General’s 2025 cyber security report.

These challenges are intensifying as expectations for accountability, service quality, and secure digital access grow. The federal government’s Digital Ambition 2024–25 sets out four measurable outcomes for public-sector digital performance, including the requirement that “data and information are foundational to service delivery and informed decision-making.” 

Achieving that outcome requires systems capable of moving, combining, analysing, and protecting data at speeds and standards older platforms were never designed to support.

Supporting research illustrates where these gaps are most visible. 

According to Unit4’s State of the Digital Nation 2025, 57% of Canadian public-sector leaders say major improvements are needed in data compatibility, and 66% are unsure their current strategies will deliver the interoperability they need.  

These shortcomings shape benefits administration, emergency coordination, procurement oversight, cybersecurity posture, and the ability to make informed decisions in real time. When governments cannot share or access data easily, everything from health response times to financial controls slows with it.

This combination of rising demand and uneven capacity is creating a new sense of urgency across executive teams. Many CIOs now find themselves responsible not only for technology strategy but for institutional resilience, fiscal stewardship, and system-wide risk management.

How structural reform becomes possible when leadership, standards, and policy align

A handful of jurisdictions are demonstrating what it looks like to tackle modernization at the root rather than the surface. 

Nova Scotia’s digital health overhaul, led by Scott McKenna, recently named the CanadianCIO Public Sector CIO of the Year, is a notable example. It shows that lasting progress depends less on acquiring new systems and more on establishing the foundations that allow systems to work together.

“Digital isn’t about technology, it’s about data and people for me,” McKenna says. 

Nova Scotia began by standardizing health information on the international Fast Healthcare Interoperability Resources (FHIR) Release 4 data standard and reinforcing it with legislation requiring health providers to share their records. Integration pipelines were then built to bring that data together into a comprehensive record for residents. 

“We declared a health standard for data in Nova Scotia,” McKenna says. “Everything we’ve been doing since then has been aligned.”  

He describes the leadership model required to put this structure in place. 

“One of the biggest differences between private sector and public sector, in my mind, isn’t about bureaucracy,” he explained. It’s about the level of risk we need to take,” he says.  “We need to be extremely bold, and we need to have visionary leadership.” 

While each province faces its own realities, the principles behind the approach, data standards, legislative backing, integrated pipelines, and strong executive sponsorship, translate across regions. 

They illustrate that modernization becomes possible when CIOs have both the structural authority and political alignment to pursue foundational change. They also demonstrate how governance decisions, not software purchases, determine whether transformation efforts can scale.

Modernization is increasingly central to economic resilience and national security

Nova Scotia’s progress shows that when data standards, governance, and executive alignment come together, foundational change becomes possible. 

It also highlights a broader reality across the country. Modernization places new responsibility on CIOs and technology leaders, who are being asked to guide system-wide choices about data, risk, and long-term infrastructure.

Federal audits have made clear where the risks sit, and findings in the State of the Digital Nation 2025 report have shown how interoperability gaps continue to affect daily operations.

These issues now intersect directly with institutional resilience and public trust. Moving forward will require governments to treat digital modernization as essential infrastructure, and to support CIOs with the mandate, clarity, and cross-department alignment needed to deliver it.

Canada’s competitiveness and the reliability of public services will increasingly rest on whether these leaders are empowered to act at the scale the moment demands.

Final shots

• Canada’s cyber threat volume shows that legacy systems are now a national-level risk, not an IT inconvenience.
• Modernization pressure is rising because outdated systems can’t meet the data, security, or service expectations of today’s economy.
• CIOs are becoming system leaders, responsible for resilience, governance, and long-term risk management across institutions.
• Structural progress depends on standards, legislation, and executive alignment, not new tools alone.
• Canada’s competitiveness will hinge on whether CIOs are empowered to modernize to the depth required.

Digital Journal is the national media partner for the CIO Association of Canada.