In 2017, Statistics Canada performed its first-ever in-depth report on cybercrime and its impact on Canadian businesses. Released in late 2018, The Canadian Survey of Cyber Security and Cybercrime was a monumental first step in increasing awareness and stressing the importance of cyber security for Canadian organizations.
Here’s what it had to say:
Canadian Businesses: Cybercrime Stats You Need to Know
Billions Spent on Cyber Security
According to the report, Canadian businesses spent a total of $14 billion on cybercrime detection, prevention and recovery in 2017, with larger organizations (250+ employees) spending the most at $948,000. Medium-sized businesses (50 to 249 employees) spent $113,000 and small businesses (10 to 49 employees), $46,000:
- $4 billion for cyber security-related software and hardware
- $8 billion for paying employees and contractors specializing in cyber security
- $2 billion on prevention and recovery
One-Fifth of Canadian Businesses Affected
In 2017 alone, 21% of Canadian businesses experienced some form of cyber breach that affected their ability to operate (this number does not include businesses affected by cybercrime who did not report it). Of that 21%:
- Larger businesses (41%) were twice as likely to experience a cyber attack than smaller businesses (19%). The highest number of incidents per sector include:
- Banking institutions (excluding investment banking) - 47%
- Universities - 46%
- Pipeline transportation subsector - 45%
- 58% suffered from some form of IT downtime (an average of 23 hours including mobile devices, desktops and networks).
- 54% were unable to carry out daily operations
- 53% were unable to use or access company resources (servers, networks, desktop PCs, email etc.)
- 38% reported the motive of attack was to steal or demand money
- 26% reported the attackers tried to gain access to restricted areas – many of those incidents included an attempt to access financial or personal info
Cyber Security Is Inconsistent
The majority of Canadian organizations (95%) utilized some form of cybersecurity in 2017 - 74% of which had hired or contracted employees directly responsible for IT services. Despite most companies using some form of protective measures, they were inconsistent:
- 32% did not employ any form of network security
- 26% had no additional email security software or protocols
- 24% did not use anti-malware software
Employee Monitoring and Preventative Action
Of the Canadian businesses who did submit data for the 2017 survey, only 13% had any form of implemented workplace procedures regarding cyber security actions and protocols:
- While 85% of businesses overall took action to monitor their network and systems, only 38% monitored their employee practices
- 66% of businesses allowed employees to use personal devices for work purposes yet less than half (47%) had security policies in place surrounding personal device use
- Less than 60% of surveyed businesses had conducted cyber security risk assessments
- When it came to cyber liability insurance, fewer than 15% of small and medium-sized businesses had invested in any form of coverage to protect them against risks and threats vs. 24% of large businesses.
The Canadian Survey of Cyber Security and Cybercrime represents a great first step in stressing the importance of cyber security for Candian businesses of all sizes. However, based on the numbers reported, it’s clear that businesses are still putting themselves at risk – and they aren’t even aware of it.
Don’t let your organization become a victim of cybercrime. Find out where you’re most vulnerable by taking our free risk assessment or learn how much IT downtime is costing you by taking advantage of our easy-to-use downtime calculator.