Canadian businesses risk losing three-quarters of their customer base permanently following a data breach, new research shows, putting workplace cybersecurity training and IT investments at the forefront of employee responsibilities.
The 2025 Customer Identity Trends Report from Okta found that 76 per cent of Canadians will abandon companies after a security incident, with 36 per cent saying they would never return. The findings suggest that a single employee mistake or inadequate workplace security protocols could devastate a company’s revenue and reputation.
The research highlights how cybersecurity has evolved from an IT department concern to a business-critical issue affecting every employee, from front-line workers handling customer data to executives making technology investment decisions.
Workplace security gaps put small businesses at risk
The trust gap between large enterprises and small businesses presents particular challenges for Canadian workplaces. Only 27 per cent of consumers trust small businesses with their personal data, compared to 66 per cent who trust banks and 57 per cent who trust healthcare providers.
This disparity reflects the reality that small and medium-sized businesses—which employ millions of Canadians—often lack dedicated cybersecurity staff and comprehensive employee training programs available at larger organizations.
“In a digital-first world, trust is everything, and identity is at the heart of it,” said Greg Rainbird, Enterprise Market Lead, Auth0 at Okta. “Customers expect secure, seamless experiences, and businesses that fail to protect personal data risk losing them for good.”
Employee password habits create workplace vulnerabilities
The survey reveals widespread risky behaviors among Canadian workers that could compromise workplace security. Despite concerns about identity fraud, 65 per cent of respondents admit to reusing passwords across multiple accounts—a practice that could expose both personal and workplace systems to cyber attacks.
The habit stems from practical challenges, with 62 per cent saying it’s too difficult to remember unique passwords for every account. More than a quarter rely on two-factor authentication instead of creating unique passwords, suggesting many employees may be applying the same shortcuts to workplace systems.
These findings underscore the need for comprehensive workplace password policies and employee training programs to address human factors in cybersecurity breaches.
Generational differences shape workplace security attitudes
The research reveals significant generational divides that HR departments and managers must navigate when implementing security policies. Only eight per cent of Baby Boomers would remain loyal to a company after a data breach, compared to 33 per cent of Gen Z workers and consumers.
These attitudes likely extend to how different generations of employees view workplace security responsibilities and their willingness to adapt to new security measures.
AI adoption faces employee and customer resistance
As Canadian workplaces increasingly deploy AI tools, the survey found strong resistance from consumers, with 83 per cent preferring human interaction over AI agents. This preference creates staffing implications, as 66 per cent believe people better understand their needs compared to automated systems.
The reluctance extends to data sharing, with 56 per cent unwilling to trust AI agents with personal information and 77 per cent refusing to share financial data with AI systems. These findings suggest that businesses rushing to automate customer service may face backlash that could affect employee job security and customer retention.
“Strong security shouldn’t come at the cost of a seamless user experience,” said Shiv Ramji, President, Customer Identity Cloud, at Okta. “By removing the burden of remembering complex passwords, we not only improve security but also build the kind of effortless experience today’s users expect.”
Implications for Canadian workplaces
The research suggests that cybersecurity training should be mandatory for all employees, not just IT staff, given the severe consequences of data breaches. Companies may need to invest more heavily in user-friendly security tools and comprehensive training programs to prevent human error that could result in customer loss.
The study surveyed 6,750 consumers aged 18 to 64 across nine countries, including Canada, and was conducted by Statista for Okta.
