
Despite near-constant warnings, Canadian companies are getting hit harder than ever by cybersecurity incidents.
Driving the news: StatsCan released new data showing that one in six Canadian businesses were impacted by a cybersecurity incident in 2023. While that is down very slightly from 2021, the amount those companies spent on recovery doubled to $1.2 billion.
- The uptick in recovery spending is likely because identity theft, fraud, and ransomware, which can have expensive consequences, now make up a greater portion of cyber incidents.
- Only 12% of companies that were hit with ransomware paid up. Among those, the vast majority paid less than $10,000, but 4% paid over $500,000.
Zoom in: Bigger companies are a bigger prize for cybercriminals, but small businesses are feeling the effects, too:
- A study by IT firm Kyndryl and Amazon Web Services found that 60% of large Canadian companies experienced a cyber incident in the last 12 months, with 74% of those getting hit four or more times.
- Okta found roughly 75% of small- to medium-sized businesses use only basic antivirus software that doesn’t address where most cybercrime comes from — but 16% pay over $200,000 to update their systems after an attack.
- The effects aren’t just monetary: Roughly one-third of SMB owners who experienced a cyberattack reported it having an impact on their mental health.
Why it’s happening: Nearly three-quarters of cyber incidents are caused by human error, like an employee responding to a phishing email with private info, or failing to change a compromised password.
- AI has a role to play in helping cybercriminals automate tasks. That means not only writing and sending out more phishing emails, for example, but also tracking down info that makes a fake email from your boss or IT department more believable.
Why it matters: Despite a rash of high-profile incidents in recent years putting businesses on guard about cybersecurity, the data shows that they are still getting caught — and paying the price.