A new survey has terrifying implications for Canadian businesses across the country.
Conducted by marketing research firm Ipsos Canada on behalf of Calgary-based accounting, tax and business consulting firm MNP LLP, the survey found that nearly 60 per cent of Canadian small business owners and C-suite executives either suspect or know for certain they were the victims of an external cyberattack during the last year, with 50 per cent of C-suite executives indicating that they know for certain that their company experienced a breach.
An additional three in 10 suspected their company was the victim of a breach in the past year, but didn’t know for certain.
And despite the overwhelming evidence indicating otherwise, eight executives in 10 reported being confident in their business’s ability to prevent an external hacking attempt, while 93 per cent of survey respondents indicated confidence in their ability to protect customer data.
In a Feb. 27 statement, former RCMP investigator and current MNP vice president of valuations, forensics, and litigation support Greg Draper called cyberattacks “a reality of doing business,” but added that the survey underlined just how poorly Canadian businesses are equipped to address them.
“There is a significant gap between the perceived preparedness of businesses and the number of data breaches occurring,” Draper said. “The number and sophistication of hackers is growing at light speed, but businesses are not evolving their prevention and detection strategies at the same rate. Developing an effective defense against external fraud is an exercise in continuous improvement, not just set-it-and-forget-it. That’s the part that businesses are missing here.”
For example, Draper called it “startling” that only 54 per cent of C-suite executives and small business owners reported using cybersecurity measures such as firewalls.
The findings were especially surprising given that upcoming changes to Canadian privacy laws will require Canadian companies to log and disclose all breaches, Draper noted.
“Along with the costs of a potential business disruption or loss of confidential information, businesses will start to see the breach-related expenses climb sharply when they are forced to publically disclose them,” he said. “Loss of customer confidence and potential legal action, fines for non-compliance and the resources to ascertain exactly how hackers got in and then implementing new security measures – the proactive approach to mitigating external fraud risk is far more cost-effective.”
In conducting the online survey, Ipsos polled 1000 owners of small businesses with between five and 99 employees, and 100 C-suite executives at businesses with more than 100 employees, between Jan. 17 and Jan. 26, 2017.