Cybersecurity risks continue to increase as more businesses embrace technology. Malware was a major threat in 2017 and remains so in 2018. With 92% of malware delivered through email, your employees’ inboxes are still vulnerable entry points. And fileless malware has become more common; they are harder to detect and more likely to succeed.
All these threats beget one question: Can Canadian companies protect themselves from these risks? So far the answer is mixed. Here is some good news, bad news, and a few ugly truths about Canada and cybersecurity.
The bad news: Most Canadian companies are overconfident or unprepared
A recent report revealed how Canadian companies have an unrealistic view of their cybersecurity preparedness. A survey by a California-based data analytics company showed that 84% of Canadian executives believed their company was “better than average” or a “top performer” when it comes to fraud detection and cybersecurity. But the truth is far from that, and security experts who reviewed the survey agree that their confidence is misplaced.
This false sense of security is due to two main reasons. First, most senior executives have an incomplete picture of the current slew of cyberthreats they face. In a global security survey, only 16% of Canadian respondents say their executive board has a comprehensive understanding of information security. No wonder decision makers cannot make the right decisions.
Second, there’s a mistaken belief shared by executives that many Canadian companies are too small or too insignificant to qualify as a prime target for cyberattacks. This “It can’t happen to me” attitude is actually a vulnerability that crafty cybercriminals like to exploit.
Because of this overconfidence, spending for cybersecurity remains low. In the report “Impact of Cybercrime on Canadian Businesses, 2017”, Canadian businesses spent $14 billion on cybersecurity, or less than 1% of their total revenues. The same report noted that few Canadian businesses notify law enforcement agencies of cybersecurity breaches, which is why only over one-fifth of Canadian businesses reported they had a cybersecurity incident in 2017.
The good news: Data protection is going mainstream
While cybersecurity budgets among Canadian companies remain low, awareness about security threats is higher than ever, and growing. According to the 2018 Global Information Security Survey (GISS) of Ernst & Young Global Limited, 70% of Canadian companies increased their security budget in the past year, while 90% plan to do so in the next 12 months.
Another indicator that Canadians are beginning to get serious with their cybersecurity is the rise in their insurance spending. 40% of Canadian firms now have full-coverage cybersecurity insurance, a rise of 22% from 2017. Financial service companies are the ones leading the increase in spending.
What brought this about? Experts point to the enforcement of the mandatory reporting of security breaches beginning November 1, 2018, under the Personal Information Protection and Electronic Documents Act (PIPEDA). By law, private-sector organizations under PIPEDA are required to:
- Report to the Privacy Commissioner of Canada breaches of security safeguards involving personal information that pose a real risk of significant harm to individuals;
- Notify affected individuals about those breaches; and
- Keep records of all breaches.
Non-compliance can mean fines of up to $100,000, thus companies are spending on insurance.
The ugly truth: Canadian companies still have a long way to go
Experts say that businesses are paying more attention to cybersecurity because of increased regulations and a broad awareness of the risks. But there remains a false sense of security due to a general lack of concern and inadequate knowledge, especially about the latest threats.
And it’ll become more challenging given the popularity and dangers of Internet of Things (IoT) devices. As the interconnectivity of people, processes, and devices increases, so does the number of potentially vulnerable points.
If you don’t want the stress of dealing with ever-increasing cyberthreats, then let our IT experts at Quicktech assist you. We offer 24/7 cybersecurity, proactive managed IT support, and IT consulting to companies in Burnaby, Richmond, Langley, and all other cities of Greater Vancouver. Trust us to handle your IT, so you can stay ahead of the competition. Get in touch with us today.