More than half of attacked Canadian firms paid cyber ransoms: Survey

Just over half of surveyed Canadian organizations hit by ransomware or malware have paid the amounts demanded by cybercriminals.

That’s one of the findings of a poll released this morning of 491 medium and large companies, conducted last October for the Quebec-based IT services firm NoviPro.

The respondents included 288 IT decision-makers, 97 decision-makers who do not work in IT, 81 decision-makers who are neither directors nor IT and 25 NoviPro clients.

Of the companies that paid a ransom, one in three retained the services of a negotiator, while 23 per cent proceeded without the help of an intermediary.

“As an entrepreneur, I am very concerned that so many organizations are paying a ransom,” Yves Paquette, co-founder and chief executive officer of NoviPro said in a statement. “Companies need to be proactive in preventing cyberattacks, otherwise the impact will be devastating to them and their customers. If organizations invested even a fraction of the potential cost of an attack, they could easily put systems in place to guard against such fraud. In the physical world, you’d employ a detachment of guards to protect something with a seven-figure value, however, there still seems to be a disconnect when the ‘something’ is digital.”

Among other findings

  • respondents attributed 66 per cent of cyberattacks on what the report summarizes as “internal sources,” including employees and partners. 31 per cent of attacks were attributed to a “malicious internal source,” 22 per cent to an unintentional internal source, and 13 per cent to partners, suppliers or clients. 27 per cent of attacks were attributed to an external source not related to the company;
  • 43 per cent of respondents said they are increasingly concerned about cyberattacks since the hybrid work model was introduced. The percentage of companies that have reviewed their security practices in response to the pandemic slightly decreased last year
    compared to 2020 (76 per cent vs. 81 per cent);
  • 28 per cent of respondents estimated the cost of a cyber attack on their firm was less than $50,000. The same number estimated the cost was between $50,000 and $250,000. 25 per cent of respondents estimated the cost was over $500,000;
  • only 43 per cent of respondents said they reported a data breach to customers.

This was the sixth edition of the Canada-wide study examining IT trends and the state of technology in large and medium-sized Canadian businesses, including AI and cybersecurity investment plans, perception of IT infrastructure, the “great resignation” and cloud computing.

In an interview, Paquette said that if organizations had put 10 per cent of what they paid in a ransom towards improving cybersecurity they would lower the odds of being victimized. And they don’t necessarily have to make large expenditures in hardware and software, he added. Sometimes it’s enough to review and update the firm’s cybersecurity practices. Increasing cybersecurity training of employees is also relatively inexpensive. What’s vital, he said, is that cyber training be regular. It’s also vital that it be part of the onboarding process for new employees. Having an up-to-date inventory of all corporate data so IT  and management know what needs to be protected is also relatively inexpensive, he added.

Finally, it doesn’t cost much to make sure only those staffers who need privileged access to data should have it, he said.

The full survey results are available here. Registration is required.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer. Former editor of and Computing Canada. An IT journalist since 1997, Howard has written for several of ITWC's sister publications, including Before arriving at ITWC he served as a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs