A new study published last week by KPMG reveals that, given the increase in cybersecurity breaches, many Canadian business leaders are less confident in their ability to handle an attack.
According to KPMG International’s Global CEO Outlook Survey, the number of chief executive officers (CEOs) of large Canadian companies who said they were “well prepared” or “very well prepared” for a cyberattack fell 17 percentage points compared to last year. As for those who say they are “unprepared”, the number jumped by three percentage points.
CEOs also rank cybersecurity seventh behind a range of other pressing near-term risks, such as the economy, a potential recession, regulatory issues, and disruptive technologies.
Among small and medium-sized businesses (SMBs), another survey by KPMG in Canada found that they felt better prepared to deal with a cyberattack (up 9 percentage points), but more than two-thirds of them they admit that their cyber defenses could be “a lot stronger,” including raising employee awareness of cybersecurity. They ranked cybersecurity as their second most pressing concern.
“Many large companies have invested in cybersecurity technology, tools, and employee education programs over the years, but cyber threats are becoming more frequent and more sophisticated,” says Hartaj Nijjar, Partner and National Cybersecurity Industry Leader at KPMG in Canada. “So while companies may be fixated right now on near-term risks like a recession, it’s important not to take their eye off the ball when it comes to cybersecurity, because data breaches can cost organizations millions of dollars, and that’s not something most companies can afford in an economic downturn. Keeping company data secure is an investment that will always pay future dividends,” he added.
“The situation is different for small- and medium-sized organizations because many went from having little or no digital platforms pre-pandemic to having them today. Last year, as they were building their platforms, they may not have prioritized cybersecurity to the extent they are today,” says Robert Moerman, a cybersecurity partner at KPMG in Canada. “Now they better understand the risks and are either investing or planning to invest in appropriate defenses to protect their organizations.”
Canadian highlights from KPMG International’s CEO Perspective survey:
- 56 per cent of the CEOs at large Canadian companies say they are “well prepared” or “very well prepared” for a future cyberattack, down from 73 per cent in 2021.
- 20 per cent say they are “underprepared” for a cyberattack, up from 7 per cent last year.
- 24 per cent say they do not have a plan to address a potential ransomware attack, up from 5 per cent last year.
- Cybersecurity is the seventh most-pressing concern today. Economic issues, regulatory concerns and disruptive technology were listed as top concerns.
- 62 per cent said geopolitical uncertainty is raising concerns about a cyberattack in their organizations (lower than the global average of 72 per cent).
- 59 per cent said building a strong cybersecurity culture is just as important as building technological controls, down from 83 per cent last year (and lower than the global average of 73 per cent).
- 37 per cent do not think prioritizing and building a strong cyber culture is as important as technological controls, up from 3 per cent last year.
KPMG in Canada SMB poll highlights:
- 73 per cent are well prepared for a cyberattack, up from 64 per cent last year
- 56 per cent of SMBs said they had been attacked by cybercriminals in the past year (examples include an attack on electronic infrastructure and/or gaining unauthorized access to company data, phishing, malware, ransomware, denial of service, or insertion of malicious code).
- Half said they have had to deal with a ransomware attack in the past year.
- 59 per cent said their insurance companies covered their cyberattack-related losses.
- 68 per cent said they have a plan to address a ransomware attack if faced with one.
- 68 per cent said geopolitical uncertainty is raising concerns about a cyberattack in their organizations.
- 73 per cent said they view information security as a strategic function and a potential source of competitive advantage
- 78 per cent agreed that building a cybersecurity culture is just as important as building technological controls