Ninety per cent of cyber incidents go unreported.
Furthermore, as I mentioned, there are no mandatory requirements for critical infrastructure operators or private sector entities to report cyber incidents.
You put your finger on a critical issue. The Canadian government and many entities simply do not have full visibility on the scale of the threat or the persistent nature of the threat. That is one of the key issues, and that is one of the reasons why President Biden moved to require mandatory cyber incident reporting for critical infrastructure.