Rankiteo Logo
Rankiteo
See Your Ranking
Loading...

The Rankiteo MCP server is now available.

Discover MCP
!

Top 25 Worst Companies in Canada

Identify the lowest-scoring most renowned companies in Canada. Understand where critical cyber risk exposure exists in this country. 344 companies scored.

3,163
Companies in Canada
344
Scored
749.9
Avg Score
107
Cyber Incidents
Bottom 25
Shown
Add your company to the ranking

Canada Cybersecurity Risk Assessment - Lowest-Scoring Companies in 2026

Out of 3,163 companies in Canada monitored by Rankiteo, this page highlights the Bottom 25 organizations with the weakest cybersecurity posture. These rankings are based on our proprietary Cyber Resilience Score, which integrates time-decayed incident exposure, sector-sensitive impact analysis, and market-cap-aware baseline and dampening to produce a single, interpretable score between 100 and 1,000.

Companies at the bottom of this ranking carry the heaviest accumulated cyber incident burden - including recent or severe ransomware attacks, data breaches with significant financial losses or records exposed, and repeated disclosure events. Understanding where these risk concentrations exist is essential for supply chain risk management, regulatory compliance, and competitive benchmarking within Canada.

The current average score for the most notable companies in Canada is 749.9 out of 1,000. Companies shown below score significantly lower than this average, falling far behind a country that generally maintains reasonable security standards.

Risk Highlights

701
Lowest Score
749.9
Country Average
7%
Scoring B or Below
107
Recorded Incidents

Score Distribution

Aaa
0 (0.0%)
Aa
0 (0.0%)
A
13 (3.8%)
Baa
255 (74.1%)
Ba
52 (15.1%)
B
11 (3.2%)
Caa
8 (2.3%)
Ca
3 (0.9%)
C
2 (0.6%)
#CompanyLabelScoreBandIncidentsScore Bar
1
CIRO / OCRIciro.ca
Finance and Insurance360C7
2
Freedom Mobilefreedommobile.ca
Telecommunications465C5
3
Crisis24crisis24.com
Investigation and Security Services552Ca2
4
President's Choice Financialpcfinancial.ca
Finance and Insurance570Ca1
5
Canadian Institute for Cybersecurityunb.ca
Scientific Research and Development Services597Ca2
6
No Frillsnofrills.ca
Supermarkets and Other Grocery (except Convenience) Stores608Caa2
7
Maropostmaropost.com
Software Publishers618Caa1
8
TELUS Digitaltelusdigital.com
Computer Systems Design and Related Services626Caa3
9
Desjardinsdesjardins.com
Commercial Banking629Caa3
10
SterlingBackchecksterlingbackcheck.ca
Human Resources Consulting Services631Caa2
11
Nova Scotia Health Authoritynshealth.ca
Health Care and Social Assistance639Caa3
12
Sangomasangoma.com
Telecommunications640Caa3
13
City of Ottawa / Ville d’Ottawaottawa.ca
Public Administration645Caa2
14
Sollio Cooperative Groupsollio.coop
Crop Production661B1
15
Nova Scotia Powernspower.ca
Utilities665B3
16
Loblaw Companies Limitedloblaw.ca
Retail Trade670B1
17
Shoppers Drug Martshoppersdrugmart.ca
Retail Trade672B2
18
Mercer Canadamarsh.com
Professional, Scientific, and Technical Services673B1
19
House of Commons of Canada Chambre des communes du Canadaourcommons.ca
Legislative Bodies676B3
20
Vancouver Coastal Healthvch.ca
Health Care and Social Assistance688B1
21
Durham District School Boardddsb.ca
Administration of Education Programs689B1
22
Aspire Softwareaspiresoftware.com
Software Publishers692B1
23
Toronto District School Boardon.ca
Elementary and Secondary Schools692B1
24
Sinai Healthsinaihealth.ca
Health Care and Social Assistance696B1
25
Grass Valleygrassvalley.com
Broadcasting (except Internet)701Ba1

How Cyber Risk Scores Are Calculated

Rankiteo's Cyber Resilience Score produces a single value between 100 and 1,000 for each organization, where higher scores indicate lower estimated cyber risk. The framework integrates three principal components that together balance evidence, context, and comparability across industries and company sizes. Learn more in our AI Cyber Score methodology.

Understanding the Risk Bands

Each score maps to a letter-grade band. Companies appearing in this lowest-scoring ranking typically fall in the bottom bands:

  • Aaa (900-1,000): Exceptional cyber resilience - very few companies in a worst list reach this level.
  • Aa (800-899): Very strong security posture with minimal weaknesses.
  • A (700-799): Strong practices with some areas for improvement.
  • Baa (600-699): Adequate protection but notable security configuration gaps exist.
  • Ba (500-599): Below average - multiple risk areas require attention.
  • B (400-499): Weak security with significant exposure across categories.
  • Caa (300-399): Very weak with a high probability of exploitable vulnerabilities.
  • Ca (200-299): Critically poor with severe, widespread security gaps.
  • C (0-199): Extreme risk - immediate remediation is needed across all dimensions.

Why Monitoring Low-Scoring Companies in Canada Matters

Cybersecurity risk doesn't exist in isolation. If your organization works with, purchases from, or shares data with companies in Canada, their security weaknesses become your risk. Supply chain attacks - where adversaries compromise a less-secure vendor to reach a larger target - have become one of the most common and damaging attack vectors in recent years.

Rankiteo continuously monitors 3,163 companies in Canada, keeping these rankings up to date so you always have an accurate, current picture of the country's risk landscape.