Three quarters of Canadian small- and medium-sized businesses are unprepared for cyber risks: Expert
North American businesses are worried about rising cyber security risk, with a new survey finding 77 per cent of IT managers expect a data breach at their companies within the next three years.
Data and analytics company Adastra shared the results Wednesday from its survey of IT professionals in the U.S. and Canada, conducted by Forum Research last month.
Kuljit Chahal, project lead of cyber security at Adastra North America, said the cyber threat landscape is evolving with more frequent and severe incidents, and said the survey results should remind companies of the importance of investing in data security resources and education.
“C-suite executives and IT people within organizations are concerned with cyber security incidents,” he said in a phone interview with BNNBloomberg.ca. “They are on the rise.”
Respondents to the survey said data security is a “game changer” for their companies heading into 2023. Most of the responding managers, 68 per cent, said their companies already have a cybersecurity division. Eighteen per cent said they are in the process of creating a cybersecurity division and just six per cent of respondents said they do not have one.
Chahal said neglecting this side of a business is a mistake – while some small companies think their size would not make them targets, he argued that’s not the case, with Statistics Canada research from 2021 suggesting nearly half of data breaches occurred in small- and medium-sized companies.
Data breaches can range from emails with confidential information sent outside the company, to bigger threats like ransomware attacks that bring down core business functions, Chahal said.
Major cyber incidents at big Canadian organizations like Sobeys and SickKids Hospital have captured headlines in recent months and highlighted the cyber risks that exist for companies both large and small. Sobeys parent company Empire Co. Ltd. recently said it would cost $25 million to recover from the cyber attack that paralyzed store pharmacy services and other store functions in November.
Chahal said smaller companies may have a harder time bouncing back from big breaches, but preparation in the form of policies and data training for employees can make things easier, particularly as people who were hired during the pandemic and working remotely may still be familiarizing themselves with company data policies.
Adastra suggests companies keep employees up to date and educated on cyber security, and that businesses take steps to catalog data securely with back-up plans and regularly delete redundant data.
Early detection systems can also help prevent data breaches, Adastra said, and it suggested third-party audits to assess the organization’s vulnerabilities.
As people return to the office, Chahal said “clean-desk policies” and refreshers on how to protect data when working with others are good measures to prevent unintentional breaches.
The online survey was conducted by Forum Research between December 2 and 14, 2022, and consisted of 882 IT professionals throughout the United States (589) and Canada (293). A poll of this size is considered accurate to within +/- 3.3 per cent, 19 times out of 20.